Login
- Table of Contents
-
- 04-Layer 3-IP Routing Configuration Guide
- 00-Preface
- 01-Basic IP routing configuration
- 02-Static routing configuration
- 03-RIP configuration
- 04-OSPF configuration
- 05-IS-IS configuration
- 06-BGP configuration
- 07-Policy-based routing configuration
- 08-IPv6 static routing configuration
- 09-RIPng configuration
- 10-OSPFv3 configuration
- 11-Routing policy configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-BGP configuration | 2.10 MB |
Settlements for problems in large-scale BGP networks
Restrictions: Licensing requirements for BGP
Restrictions and guidelines: BGP configuration
Basic BGP network configuration tasks at a glance (IPv4 unicast/IPv4 multicast)
Basic BGP network configuration tasks at a glance (IPv6 unicast/IPv6 multicast)
Configuring an IBGP peer group
Configuring an EBGP peer group
Specifying the source address of TCP connections
Controlling BGP route generation, advertisement, and reception
Configuring BGP route summarization
Advertising optimal routes in the IP routing table
Advertising a default route to a peer or peer group
Limiting routes received from a peer or peer group
Enabling prioritized withdrawal of the default route
Enabling prioritized withdrawal of specific routes
Configuring BGP route distribution filtering policies
Setting the BGP route sending rate
Configuring BGP route reception filtering policies
Configuring BGP route update delay
Configuring a startup policy for BGP route updates
Configuring the link bandwidth attribute
Configuring the keepalive interval and hold time
Setting the session retry timer
Configuring the interval for sending updates for the same route
Setting an update delay for local MPLS labels
Configuring BGP logging and notifications
Enabling logging for session state changes
Enabling logging for BGP route flapping
Configuring BGP network management
Display and maintenance commands for basic BGP network building
Basic IPv4 BGP network configuration examples
Example: Configuring basic BGP
Example: Configuring BGP and IGP route redistribution
Example: Configuring dynamic BGP peers
Example: Configuring BGP route summarization
Example: Configuring multicast BGP
Basic IPv6 BGP network configuration examples
Example: Configuring IPv6 BGP basics
Example: Configuring IPv6 multicast BGP
Configuring large-scale BGP networks
Large-scale BGP network configuration tasks at a glance
Configuring BGP route dampening
Configuring BGP route reflection
Configuring a BGP route reflector
Ignoring the ORIGINATOR_ID attribute
Clearing the route reflection attributes of a route before forwarding the route
Configuring BGP confederation settings
Configuring a BGP confederation
Configuring confederation compatibility
Display and maintenance commands for large-scale BGP network configuration
Large-scale BGP network configuration examples
Example: Configuring BGP communities
Example: Configuring BGP route reflector
Example: Configuring BGP confederation
Controlling BGP path selection
BGP path selection control tasks at a glance
Setting a preferred value for received routes
Configuring preferences for BGP routes
Configuring the default local preference
Configuring the default MED value
Enabling MED comparison for routes from different ASs
Enabling MED comparison for routes on a per-AS basis
Enabling MED comparison for routes from confederation peers
Configuring the NEXT_HOP attribute
Configuring the AS_PATH attribute
Permitting local AS number to appear in routes from a peer or peer group
Ignoring the AS_PATH attribute during optimal route selection
Advertising a fake AS number to a peer or peer group
Configuring AS number substitution
Removing private AS numbers from sent updates
Ignoring the first AS number of EBGP route updates
Setting an AS number quantity threshold
Ignoring IGP metrics during optimal route selection
Configuring the AIGP attribute
Ignoring router IDs during optimal route selection
Preferring routes with an IPv6 next hop during optimal route selection
Display and maintenance commands for BGP path selection control
BGP path selection control configuration examples
Example: Configuring BGP path selection
Tuning and optimizing BGP networks
BGP network tuning and optimization tasks at a glance
Enabling BGP to establish an EBGP session over multiple hops
Enabling immediate re-establishment of direct EBGP connections upon link failure
Protecting an EBGP peer when memory usage reaches level 2 threshold
Enabling BGP ORF capabilities negotiation
Enabling BGP ORF capabilities negotiation for a peer or peer group
Enabling nonstandard BGP ORF capabilities negotiation for a peer or peer group
Enabling 4-byte AS number suppression
Disabling BGP session establishment
About disabling BGP session establishment
Disabling BGP session establishment with a peer or peer group (IPv4 peers)
Disabling BGP session establishment with a peer or peer group (IPv6 peers)
Disabling BGP session establishment with all peers or peer groups
Enabling route refresh (IPv4 peers)
Enabling route refresh (IPv6 peers)
Configuring BGP soft-reset by saving route updates
Configuring manual soft-reset (IPv4 unicast/multicast address family)
Configuring manual soft-reset (IPv6 unicast/multicast address family)
Configuring BGP load balancing
Configuring the BGP Additional Paths feature
Configuring BGP optimal route selection delay
Setting the delay time for responding to recursive next hop changes
Configuring peer flap dampening
Setting a DSCP value for outgoing BGP packets
Flushing the suboptimal BGP route to the RIB
Enabling BGP to not flush specific routes to the routing table
Specifying a label allocation mode
Disabling optimal route selection for labeled routes without tunnel information
Recursing unlabeled public BGP routes to LSPs
Disabling MPLS local IFNET tunnel establishment
Display and maintenance commands for BGP network tuning and optimization
BGP network tuning and optimization configuration examples
Example: Configuring BGP load balancing
Example: Configuring the BGP Additional Paths feature
Configuring BGP security features
BGP security feature configuration tasks at a glance
Enabling MD5 authentication for BGP peers
Enabling keychain authentication for BGP peers
Configuring IPsec for IPv6 BGP
Configuring RPKI connection parameters
Applying the BGP RPKI validation state to optimal route selection
Advertising BGP RPKI validation state to a peer or peer group
Display and maintenance commands for BGP security features
IPv4 BGP security feature configuration examples
IPv6 BGP security feature configuration examples
Example: Configuring IPsec for IPv6 BGP packets
Improving BGP network reliability
BGP network reliability improvement tasks at a glance
Configuring BGP FRR by using a routing policy (IPv4 unicast address family)
Configuring BGP FRR by using a routing policy (IPv6 unicast address family)
Configuring BGP FRR through PIC (IPv4 unicast address family)
Configuring BGP FRR through PIC (IPv6 unicast address family)
Display and maintenance commands for BGP network reliability improvement
IPv4 BGP network reliability improvement configuration examples
Example: Configuring BFD for BGP
IPv6 BGP network reliability improvement configuration examples
Example: Configuring BFD for IPv6 BGP
Example: Configuring IPv6 BGP FRR
Configuring extended BGP features
Extended BGP feature configuration tasks at a glance
Configuring BGP LS route reflection
Specifying an AS number and a router ID for BGP LS messages
Performing manual soft-reset for BGP sessions of BGP LS or BGP-VPN LS address family
Configuring the BGP Additional Paths feature for 6PE
Controlling path selection for 6PE
Controlling 6PE route advertisement and reception
Configuring 6PE route reflection
Display and maintenance commands for extended BGP features
Extended IPv4 BGP feature configuration examples
Extended IPv6 BGP feature configuration examples
BGP overview
Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP). It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271).
BGP characteristics
BGP has the following characteristics:
· Focuses on route control and selection rather than route discovery and calculation.
· Uses TCP to enhance reliability.
· Measures the distance of a route by using a list of ASs that the route must travel through to reach the destination. BGP is also called a path-vector protocol.
· Supports CIDR.
· Reduces bandwidth consumption by advertising only incremental updates. BGP is very suitable to advertise large numbers of routes on the Internet.
· Eliminates routing loops by adding AS path information to BGP route updates.
· Uses policies to implement flexible route filtering and selection.
· Has good scalability.
BGP speaker and BGP peer
A router running BGP is a BGP speaker. A BGP speaker establishes peer relationships with other BGP speakers to exchange routing information over TCP connections.
Based on the AS, a BGP peer can be either of the following types:
· IBGP peer—Resides in the same AS as the local router.
· EBGP peer—Resides in different ASs from the local router.
Based on the IP version, a BGP peer can be either of the following types:
· IPv4 peer—Uses an IPv4 address to establish a peer relationship with the local router.
· IPv6 peer—Uses an IPv6 address to establish a peer relationship with the local router.
BGP message types
BGP uses the following message types:
· Open—After establishing a TCP connection, BGP sends an OPEN message to establish a session to the peer.
· Update—BGP sends UPDATE messages to exchange routing information between peers. Each UPDATE message can advertise a group of feasible routes with identical attributes and multiple withdrawn routes.
· Keepalive—BGP sends KEEPALIVE messages between peers to maintain connectivity.
· Route-refresh—BGP sends a ROUTE-REFRESH message to request the routing information for a specific address family from a peer.
· Notification—BGP sends a NOTIFICATION message upon detecting an error and immediately closes the connection.
BGP path attributes
BGP uses the following path attributes in UPDATE messages for route filtering and selection:
ORIGIN
The ORIGIN attribute specifies the origin of BGP routes. This attribute has the following types:
· IGP—Has the highest priority. Routes generated in the local AS have the IGP attribute.
· EGP—Has the second highest priority. Routes obtained through EGP have the EGP attribute.
· INCOMPLETE—Has the lowest priority. The source of routes with this attribute is unknown. Routes redistributed from other routing protocols have the INCOMPLETE attribute.
AS_PATH
The AS_PATH attribute identifies the ASs through which a route has passed. Before advertising a route to another AS, BGP adds the local AS number into the AS_PATH attribute, so the receiver can determine ASs to route the message back.
The AS_PATH attribute has the following types:
· AS_SEQUENCE—Arranges AS numbers in sequence. As shown in Figure 1, the number of the AS closest to the receiver's AS is leftmost.
· AS_SET—Arranges AS numbers randomly.
Figure 1 AS_PATH attribute
BGP uses the AS_PATH attribute to implement the following functions:
· Avoid routing loops—A BGP router does not receive routes containing the local AS number to avoid routing loops.
· Affect route selection—BGP gives priority to the route with the shortest AS_PATH length if other factors are the same. As shown in Figure 1, the BGP router in AS 50 gives priority to the route passing AS 40 for sending data to the destination 8.0.0.0. In some applications, you can apply a routing policy to control BGP route selection by modifying the AS_PATH length. For more information about routing policy, see "Configuring routing policies."
· Filter routes—By using an AS path list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about AS path list, see "Configuring routing policies."
NEXT_HOP
The NEXT_HOP attribute may not be the IP address of a directly connected router. Its value is determined as follows:
· When a BGP speaker advertises a self-originated route to a BGP peer, it sets the address of the sending interface as the NEXT_HOP.
· When a BGP speaker sends a received route to an EBGP peer, it sets the address of the sending interface as the NEXT_HOP.
· When a BGP speaker sends a route received from an EBGP peer to an IBGP peer, it does not modify the NEXT_HOP attribute. If load balancing is configured, BGP modifies the NEXT_HOP attribute for the equal-cost routes. For load balancing information, see "BGP load balancing."
MED (MULTI_EXIT_DISC)
BGP advertises the MED attribute between two neighboring ASs, each of which does not advertise the attribute to any other AS.
Similar to metrics used by IGPs, MED is used to determine the optimal route for traffic going into an AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it selects the route with the smallest MED value as the optimal route. As shown in Figure 3, traffic from AS 10 to AS 20 travels through Router B that is selected according to MED.
Figure 3 MED attribute
Generally BGP only compares MEDs of routes received from the same AS. You can also use the compare-different-as-med command to force BGP to compare MED values of routes received from different ASs.
LOCAL_PREF
The LOCAL_PREF attribute is exchanged between IBGP peers only, and is not advertised to any other AS. It indicates the priority of a BGP router.
BGP uses LOCAL_PREF to determine the optimal route for traffic leaving the local AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it selects the route with the highest LOCAL_PREF value as the optimal route. As shown in Figure 4, traffic from AS 20 to AS 10 travels through Router C that is selected according to LOCAL_PREF.
Figure 4 LOCAL_PREF attribute
COMMUNITY
The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community.
A route can carry one or more COMMUNITY attribute values (each of which is represented by a 4-byte integer). A router uses the COMMUNITY attribute to determine whether to advertise the route and the advertising scope without using complex filters such as ACLs. This mechanism simplifies routing policy configuration, management, and maintenance.
Well-known COMMUNITY attributes involve the following:
· INTERNET—By default, all routes belong to the Internet community. Routes with this attribute can be advertised to all BGP peers.
· NO_EXPORT—Routes with this attribute cannot be advertised out of the local AS or out of the local confederation, but can be advertised to other sub-ASs in the confederation. For confederation information, see "Settlements for problems in large-scale BGP networks."
· No_ADVERTISE—Routes with this attribute cannot be advertised to other BGP peers.
· No_EXPORT_SUBCONFED—Routes with this attribute cannot be advertised out of the local AS or other sub-ASs in the local confederation.
You can configure BGP community lists to filter BGP routes based on the BGP COMMUNITY attribute.
Extended community attribute
To meet new demands, BGP defines the extended community attribute. The extended community attribute has the following advantages over the COMMUNITY attribute:
· Provides more attribute values by extending the attribute length to eight bytes.
· Allows for using different types of extended community attributes in different scenarios to enhance route filtering and control and simplify configuration and management.
The device supports the route target, link bandwidth, color, and Site of Origin (SoO) extended community attributes. For information about route target, see MPLS Configuration Guide. For information about the color attribute, see SR policy configuration in Segment Routing Configuration Guide.
The link bandwidth attribute carries the bandwidth of the interface directly connected to an EBGP peer or peer group. The link bandwidth attribute will be advertised to IBGP peers.
The SoO attribute specifies the site where the route originated. It prevents advertising a route back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops.
The SoO attribute has the following formats:
· 16-bit AS number:32-bit user-defined number. For example, 100:3.
· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.
· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.
· 32-bit IP address/IPv4 address mask length:16-bit user-defined number. For example, 192.168.122.15/24:1.
· 32-bit AS number in dotted format:16-bit user-defined number. For example, 65535.65535:1.
BGP route selection
BGP discards routes with unreachable NEXT_HOPs. If multiple routes to the same destination are available, BGP selects the optimal route in the following sequence:
1. The route with the highest Preferred_value.
2. The route with the highest LOCAL_PREF.
3. The route generated by the network command, the route redistributed by the import-route command, or the summary route in turn.
4. The route with the smallest AIGP attribute value.
5. The route with the shortest AS_PATH.
6. The IGP, EGP, or INCOMPLETE route in turn.
7. The route with the lowest MED value.
8. The route learned from EBGP, confederation EBGP, confederation IBGP, or IBGP in turn.
9. The route with the smallest IGP metric.
10. The route with the smallest recursion depth.
11. If a route received from an EBGP peer is the current optimal route, BGP does not change the optimal route when it receives routes from other EBGP peers.
12. The route advertised by the router with the smallest router ID.
If one of the routes is advertised by a route reflector, BGP compares the ORIGINATOR_ID of the route with the router IDs of other routers. Then, BGP selects the route with the smallest ID as the optimal route.
13. The route with an IPv4 next hop.
14. The route with the shortest CLUSTER_LIST.
15. The route advertised by the peer with the lowest IP address.
The CLUSTER_IDs of route reflectors form a CLUSTER_LIST. If a route reflector receives a route that contains its own CLUSTER ID in the CLUSTER_LIST, the router discards the route to avoid routing loops.
If load balancing is configured, the system selects available routes to implement load balancing.
BGP route advertisement rules
BGP follows these rules for route advertisement:
· When multiple feasible routes to a destination exist, BGP advertises only the optimal route to its peers. If the advertise-rib-active command is configured, BGP advertises the optimal route in the IP routing table. If not, BGP advertises the optimal route in the BGP routing table.
· BGP advertises only routes that it uses.
· BGP advertises routes learned from an EBGP peer to all BGP peers, including both EBGP and IBGP peers.
· BGP advertises routes learned from an IBGP peer to EBGP peers, rather than other IBGP peers.
· After establishing a session to a new BGP peer, BGP advertises all the routes matching the above rules to the peer. After that, BGP advertises only incremental updates to the peer.
BGP load balancing
BGP load balancing is applicable between EBGP peers, between IBGP peers, and between confederations.
BGP implements load balancing through route recursion and route selection.
BGP load balancing through route recursion
The next hop of a BGP route might not be directly connected. One of the reasons is that the next hop information exchanged between IBGP peers is not modified. The BGP router must find the directly connected next hop through IGP. The matching route with the direct next hop is called the recursive route. The process of finding a recursive route is route recursion.
If multiple recursive routes to the same destination are load balanced, BGP generates the same number of next hops to forward packets.
BGP load balancing based on route recursion is always enabled in the system.
BGP load balancing through route selection
IGP routing protocols, such as RIP and OSPF, can use route metrics as criteria to load balance between routes that have the same metric. BGP cannot load balance between routes by route metrics as an IGP does, because BGP does not have a route computation algorithm.
BGP uses the following load balancing criteria to determine load balanced routes:
· The routes have the same ORIGIN, LOCAL_PREF, AIGP, and MED attributes.
· The routes meet the following requirements on the AS_PATH attribute:
¡ If both the balance as-path-neglect and balance as-path-relax commands are configured or only the balance as-path-neglect command is configured, the routes can have different AS_PATH attributes.
¡ If only the balance as-path-relax command is configured, the routes can have different AS_PATH attributes, but the length of the AS_PATH attributes must be the same.
¡ If neither the balance as-path-neglect nor the balance as-path-relax command is configured, the routes must have the same AS_PATH attribute.
· The routes have the same MPLS label assignment status (labeled or not labeled).
BGP does not use the route selection rules described in "BGP route selection" for load balancing.
As shown in Figure 5, Router A and Router B are IBGP peers of Router C. Router C allows a maximum number of two ECMP routes for load balancing.
Router D and Router E both advertise a route 9.0.0.0 to Router C. Router C installs the two routes to its routing table for load balancing if the routes meet the BGP load balancing criteria. After that, Router C forwards to Router A and Router B a single route whose attributes are changed as follows:
· AS_PATH attribute:
¡ If the balance as-path-neglect and balance as-path-relax commands are not configured, the AS_PATH attribute does not change.
¡ If the balance as-path-neglect or balance as-path-relax command is configured, the AS_PATH attribute is changed to the attribute of the optimal route.
· The NEXT_HOP attribute is changed to the IP address of Router C.
· Other attributes are changed to be the same as the optimal route.
Settlements for problems in large-scale BGP networks
You can use the following methods to facilitate management and improve route distribution efficiency on a large-scale BGP network.
Route summarization
Route summarization can reduce the BGP routing table size by advertising summary routes rather than more specific routes.
The system supports both manual and automatic route summarization. Manual route summarization allows you to determine the attribute of a summary route and whether to advertise more specific routes.
Route dampening
Route flapping (a route comes up and disappears in the routing table frequently) causes BGP to send many routing updates. It can consume too many resources and affect other operations.
In most cases, BGP runs in complex networks where route changes are more frequent. To solve the problem caused by route flapping, you can use BGP route dampening to suppress unstable routes.
BGP route dampening uses a penalty value to judge the stability of a route. The bigger the value, the less stable the route. Each time a route state changes from reachable to unreachable, or a reachable route's attribute changes, BGP adds a penalty value of 1000 to the route. When the penalty value of the route exceeds the suppress value, the route is suppressed and cannot become the optimal route. When the penalty value reaches the upper limit, no penalty value is added.
If the suppressed route does not flap, its penalty value gradually decreases to half of the suppress value after a period of time. This period is called "Half-life." When the value decreases to the reusable threshold value, the route is usable again.
Figure 6 BGP route dampening
Peer group
You can organize BGP peers with the same attributes into a group to simplify their configurations.
When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed.
Community
You can apply a community list or an extended community list to a routing policy for route control. For more information, see "BGP path attributes."
Route reflector
IBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of IBGP connections is n(n-1)/2. If a large number of IBGP peers exist, large amounts of network and CPU resources are consumed to maintain sessions.
Using route reflectors can solve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector. The route reflector forwards routing information received from a client to other clients. In this way, all clients can receive routing information from one another without establishing BGP sessions.
A router that is neither a route reflector nor a client is a non-client, which, as shown in Figure 7, must establish BGP sessions to the route reflector and other non-clients.
Figure 7 Network diagram for a route reflector
The route reflector and clients form a cluster. Typically a cluster has one route reflector. The ID of the route reflector is the Cluster_ID. You can configure more than one route reflector in a cluster to improve availability, as shown in Figure 8. The configured route reflectors must have the same Cluster_ID to avoid routing loops.
Figure 8 Network diagram for route reflectors
When the BGP routers in an AS are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. You can use commands to disable route reflection instead of modifying network configuration or changing network topology.
After route reflection is disabled between clients, routes can still be reflected between a client and a non-client.
Confederation
Confederation is another method to manage growing IBGP connections in an AS. It splits an AS into multiple sub-ASs. In each sub-AS, IBGP peers are fully meshed. As shown in Figure 9, intra-confederation EBGP connections are established between sub-ASs in AS 200.
Figure 9 Confederation network diagram
A non-confederation BGP speaker does not need to know sub-ASs in the confederation. To the BGP speaker, the confederation is one AS and the confederation ID is the AS number. In the above figure, AS 200 is the confederation ID.
Confederation has a deficiency. When you change an AS into a confederation, you must reconfigure the routers, and the topology will be changed.
In large-scale BGP networks, you can use both route reflector and confederation.
MP-BGP
Supported address families
BGP-4 can only advertise IPv4 unicast routing information. Multiprotocol Extensions for BGP-4 (MP-BGP) can advertise routing information for the following address families:
· IPv6 unicast address family.
· IPv4 multicast and IPv6 multicast address families.
PIM uses static and dynamic unicast routes to perform RPF check before creating multicast routing entries. When the multicast and unicast topologies are different, you can use MP-BGP to advertise the routes for RPF check. MP-BGP stores the routes in the BGP multicast routing table. For more information about PIM and RPF check, see IP Multicast Configuration Guide.
· VPNv4 and VPNv6 address families.
For more information about VPNv4 and VPNv6, see MPLS Configuration Guide.
· Labeled IPv4 unicast and IPv6 unicast address families.
MP-BGP advertises IPv4 unicast/IPv6 unicast routes and MPLS labels assigned for the routes. Labeled IPv4 unicast routes apply to inter-AS Option C for MPLS L3VPN. Labeled IPv6 unicast routes apply to 6PE and inter-AS Option C for MPLS L3VPN. For more information about inter-AS Option C, see MPLS Configuration Guide.
· L2VPN address family.
L2VPN information includes label block information and remote peer information. For more information about L2VPN and VPLS, see MPLS Configuration Guide.
· EVPN address family.
MP-BGP advertises EVPN routes to implement automatic VTEP discovery, VXLAN tunnel establishment and assignment, and MAC and ARP information advertisement. For more information about EVPN, see EVPN Configuration Guide.
MP-BGP extended attributes
Prefixes and next hops are key routing information. BGP-4 uses UPDATE messages to carry the following information:
· Feasible route prefixes in the Network Layer Reachability Information (NLRI) field.
· Unfeasible route prefixes in the withdrawn routes field.
· Next hops in the NEXT_HOP attribute.
BGP-4 cannot carry routing information for multiple network layer protocols.
To support multiple network layer protocols, MP-BGP defines the following path attributes:
· MP_REACH_NLRI—Carries feasible route prefixes and next hops for multiple network layer protocols.
· MP_UNREACH_NLRI—Carries unfeasible route prefixes for multiple network layer protocols.
MP-BGP uses these two attributes to advertise feasible and unfeasible routes for different network layer protocols. BGP speakers not supporting MP-BGP ignore updates containing these attributes and do not forward them to its peers.
Address family
MP-BGP uses address families and subsequent address families to identify different network layer protocols for routes contained in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes. For example, an Address Family Identifier (AFI) of 2 and a Subsequent Address Family Identifier (SAFI) of 1 identify IPv6 unicast routing information carried in the MP_REACH_NLRI attribute. For address family values, see RFC 1700.
Exchanging IPv4 and IPv6 routes in both IPv4 and IPv6 address families
MP-BGP supports IPv4 route exchange between IPv6 peers and IPv6 route exchange between IPv4 peers as follows:
· When the next hop of an IPv6 route is an IPv4 address, MP-BGP maps the IPv4 address to an IPv6 address encapsulated in the NEXT_HOP attribute of update messages. In this scenario, you must specify a routing policy to change the next hop of the IPv6 route to the IPv6 address of the peer.
· When the next hop of an IPv4 route is an IPv6 address, BGP negotiates the extended next hop encoding capability with its peer. Then, BGP encapsulates the IPv4 NLRI in the MP_REACH_NLRI attribute of update messages. In this scenario, you must specify a routing policy to change the next hop of the IPv4 route to the IPv4 address of the peer.
Figure 10 Exchanging IPv4 and IPv6 routes in both IPv4 and IPv6 address families
As shown in Figure 10, an IPv6 BGP peer relationship is established between Device A and Device B, between Device B and Device C, and between Device C and Device D. An IPv4 BGP peer relationship is established between Device A and Device B and between Device C and Device D. Device A and Device D can learn both IPv4 and IPv6 routes from each other and traffic is forwarded correctly in both IPv4 and IPv6 address families. For Device C to correctly receive IPv4 routes using the IPv6 address of Device B as the next hop, configure a routing policy on Device C. Use the routing policy to change the next hop of these routes to the IPv4 address of Device B.
BGP multi-instance
A BGP router can run multiple BGP processes. Each BGP process corresponds to a BGP instance. BGP maintains an independent routing table for each BGP instance.
BGP configuration views
BGP uses different views to manage routing information for different BGP instances, address families, and VPN instances. Most BGP commands are available in all BGP views. BGP supports multiple VPN instances by establishing a separate routing table for each VPN instance.
Table 1 describes different BGP configuration views.
Table 1 BGP configuration views
|
View names |
Ways to enter the views |
Remarks |
|
BGP instance view |
You can create a BGP instance and enter its view by specifying the instance keyword in the bgp command. Configurations in this view apply to all public address families for the specified BGP instance and all VPN instances (such as confederation, GR, and logging configurations), or apply to all public address families for the specified BGP instance. |
|
|
BGP IPv4 unicast address family view |
Configurations in this view apply to public IPv4 unicast routes and peers of the specified BGP instance. |
|
|
BGP IPv6 unicast address family view |
Configurations in this view apply to public IPv6 unicast routes and peers of the specified BGP instance. |
|
|
BGP IPv4 multicast address family view |
Configurations in this view apply to IPv4 multicast routes and peers of the specified BGP instance. |
|
|
BGP IPv6 multicast address family view |
Configurations in this view apply to IPv6 multicast routes and peers of the specified BGP instance. |
|
|
BGP VPNv4 address family view |
Configurations in this view apply to VPNv4 routes and peers of the specified BGP instance. For more information about BGP VPNv4 address family view, see MPLS Configuration Guide. |
|
|
BGP VPNv6 address family view |
Configurations in this view apply to VPNv6 routes and peers of the specified BGP instance. For more information about BGP VPNv6 address family view, see MPLS Configuration Guide. |
|
|
BGP L2VPN address family view |
Configurations in this view apply to L2VPN information and L2VPN peers of the specified BGP instance. For more information about BGP L2VPN address family view, see MPLS Configuration Guide. |
|
|
BGP EVPN address family view |
Configurations in this view apply to EVPN routes and peers of the specified BGP instance. For more information about BGP EVPN address family view, see EVPN Configuration Guide. |
|
|
BGP-VPN instance view |
Configurations in this view apply to all address families in the specified VPN instance of the specified BGP instance. For more information about VPN instances, see MPLS L3VPN configuration in MPLS Configuration Guide. |
|
|
BGP-VPN IPv4 unicast address family view |
Configurations in this view apply to IPv4 unicast routes and peers in the specified VPN instance of the specified BGP instance. For more information about VPN instances, see MPLS L3VPN configuration in MPLS Configuration Guide. |
|
|
BGP-VPN IPv6 unicast address family view |
Configurations in this view apply to IPv6 unicast routes and peers in the specified VPN instance of the specified BGP instance. For more information about VPN instances, see MPLS L3VPN configuration in MPLS Configuration Guide. |
|
|
BGP-VPN VPNv4 address family view |
Configurations in this view apply to VPNv4 routes and peers in the specified VPN instance of the specified BGP instance. For more information about BGP-VPN VPNv4 address family view, see MPLS Configuration Guide. |
|
|
BGP LS address family view |
Configurations in this view apply to public network LS messages and peers of the specified BGP instance. |
|
|
BGP-VPN LS address family view |
Configurations in this view apply to VPN LS messages and peers of the specified BGP instance. |
|
|
BGP IPv4 RT filter address family view |
Configurations in this view apply to IPv4 RT filter routes and peers of the specified BGP instance. For more information about BGP IPv4 RT filter address family view, see MPLS L3VPN Configuration Guide. |
|
|
BGP IPv4 SR policy address family view |
Configurations in this view apply to IPv4 SR policy routes and peers of the specified BGP instance. |
Protocols and standards
· RFC 1700, ASSIGNED NUMBERS
· RFC 1997, BGP Communities Attribute
· RFC 2439, BGP Route Flap Damping
· RFC 2545, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
· RFC 2918, Route Refresh Capability for BGP-4
· RFC 3107, Carrying Label Information in BGP-4
· RFC 4271, A Border Gateway Protocol 4 (BGP-4)
· RFC 4275, BGP-4 MIB Implementation Survey
· RFC 4277, Experience with the BGP-4 Protocol
· RFC 4360, BGP Extended Communities Attribute
· RFC 4364, BGP/MPLS IP Virtual Private Networks (VPNs)
· RFC 4382, MPLS/BGP Layer 3 Virtual Private Network (VPN) Management
· RFC 4451, BGP MULTI_EXIT_DISC (MED) Considerations
· RFC 4456, BGP Route Reflection: An Alternative to Full Mesh Internal BGP
· RFC 4486, Subcodes for BGP Cease Notification Message
· RFC 4659, BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN
· RFC 4684, Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs)
· RFC 4724, Graceful Restart Mechanism for BGP
· RFC 4760, Multiprotocol Extensions for BGP-4
· RFC 4781, Graceful Restart Mechanism for BGP with MPLS
· RFC 5004, Avoid BGP Best Path Transitions from One External to Another
· RFC 5065, Autonomous System Confederations for BGP
· RFC 5082, The Generalized TTL Security Mechanism (GTSM)
· RFC 5291, Outbound Route Filtering Capability for BGP-4
· RFC 5292, Address-Prefix-Based Outbound Route Filter for BGP-4
· RFC 5492, Capabilities Advertisement with BGP-4
· RFC 5549, Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop
· RFC 5668, 4-Octet AS Specific BGP Extended Community
· RFC 6037, Cisco Systems' Solution for Multicast in BGP MPLS IP VPNs
· RFC 6198, Requirements for the Graceful Shutdown of BGP Sessions
· RFC 6368, Internal BGP as the Provider/Customer Edge Protocol for BGP/MPLS IP
· RFC 6513, Multicast in MPLS/BGP IP VPNs
· RFC 6514, BGP Encodings and Procedures for Multicast in MPLS/BGP IP VPNs
· RFC 6515, IPv4 and IPv6 Infrastructure Addresses in BGP Updates for Multicast VPN
· RFC 6608, Subcodes for BGP Finite State Machine Error
· RFC 6624, Layer 2 Virtual Private Networks Using BGP for Auto-Discovery and Signaling
· RFC 6793, BGP Support for Four-Octet Autonomous System (AS) Number Space
· RFC 6811, BGP Prefix Origin Validation
· RFC 7311, The Accumulated IGP Metric Attribute for BGP
· RFC 7432, BGP MPLS-Based Ethernet VPN
· RFC 7752, North-Bound Distribution of Link-State and Traffic Engineering (TE) Information Using BGP
· RFC 7854, BGP Monitoring Protocol (BMP)
· RFC 7911, Advertisement of Multiple Paths in BGP
Building basic BGP networks
Restrictions: Licensing requirements for BGP
You can install a license to increase the maximum number of BGP routes supported by the device, if the default settings are not sufficient. For more information about licensing, see Fundamentals Configuration Guide.
Restrictions and guidelines: BGP configuration
You can create multiple public address families for a BGP instance. However, each public address family can belong to only one BGP instance.
You can create multiple VPN instances for a BGP instance, and each VPN instance can have multiple address families. A VPN instance can belong to only one BGP instance.
You cannot specify the same peer for the same address family of different BGP instances.
Different BGP instances can have the same AS number but cannot have the same name.
Basic BGP network configuration tasks at a glance (IPv4 unicast/IPv4 multicast)
To build basic BGP networks for the IPv4 unicast or IPv4 multicast address family, perform the following tasks:
a. Enabling BGP
c. Configuring dynamic BGP peers
d. Configuring an IBGP peer group
Configure BGP peer groups on large-scale BGP networks for easy configuration and maintenance.
e. Configuring an EBGP peer group
Configure BGP peer groups on large-scale BGP networks for easy configuration and maintenance.
f. (Optional.) Specifying the source address of TCP connections
2. Controlling BGP route generation, advertisement, and reception
Choose the following tasks as needed:
¡ (Optional.) Configuring BGP route summarization
¡ (Optional.) Advertising optimal routes in the IP routing table
BGP cannot advertise optimal routes in the IP routing table for IPv4 multicast address family.
¡ (Optional.) Advertising a default route to a peer or peer group
¡ (Optional.) Limiting routes received from a peer or peer group
¡ (Optional.) Enabling prioritized withdrawal of the default route
¡ (Optional.) Enabling prioritized withdrawal of specific routes
¡ (Optional.) Configuring BGP route distribution filtering policies
¡ (Optional.) Setting the BGP route sending rate
This feature applies only to IPv4 unicast routes.
¡ (Optional.) Configuring BGP route reception filtering policies
¡ (Optional.) Configuring BGP route update delay
¡ (Optional.) Configuring a startup policy for BGP route updates
¡ (Optional.) Configuring the SoO attribute
¡ (Optional.) Configuring the link bandwidth attribute
¡ Configuring the keepalive interval and hold time
¡ Setting the session retry timer
¡ Configuring the interval for sending updates for the same route
¡ Setting an update delay for local MPLS labels
4. (Optional.) Configuring BGP logging and notifications
¡ Enabling logging for session state changes
¡ Enabling logging for BGP route flapping
¡ Configuring BGP network management
Basic BGP network configuration tasks at a glance (IPv6 unicast/IPv6 multicast)
To build basic BGP networks for the IPv6 unicast or IPv6 multicast address family, perform the following tasks:
a. Enabling BGP
c. Configuring dynamic BGP peers
d. Configuring an IBGP peer group
Configure BGP peer groups on large-scale BGP networks for easy configuration and maintenance.
e. Configuring an EBGP peer group
Configure BGP peer groups on large-scale BGP networks for easy configuration and maintenance.
f. (Optional.) Specifying the source address of TCP connections
2. Controlling BGP route generation, advertisement, and reception
Choose the following tasks as needed:
¡ (Optional.) Configuring BGP route summarization
¡ (Optional.) Advertising optimal routes in the IP routing table
BGP cannot advertise optimal routes in the IP routing table for IPv6 multicast address family.
¡ (Optional.) Advertising a default route to a peer or peer group
¡ (Optional.) Limiting routes received from a peer or peer group
¡ (Optional.) Enabling prioritized withdrawal of the default route
¡ (Optional.) Enabling prioritized withdrawal of specific routes
¡ (Optional.) Configuring BGP route distribution filtering policies
¡ (Optional.) Setting the BGP route sending rate
This feature applies only to IPv6 unicast routes.
¡ (Optional.) Configuring BGP route reception filtering policies
¡ (Optional.) Configuring BGP route update delay
¡ (Optional.) Configuring a startup policy for BGP route updates
¡ (Optional.) Configuring the SoO attribute
¡ (Optional.) Configuring the link bandwidth attribute
¡ Configuring the keepalive interval and hold time
¡ Setting the session retry timer
¡ Configuring the interval for sending updates for the same route
¡ Setting an update delay for local MPLS labels
4. (Optional.) Configuring BGP logging and notifications
¡ Enabling logging for session state changes
¡ Enabling logging for BGP route flapping
¡ Configuring BGP network management
Configuring basic BGP
Enabling BGP
Restrictions and guidelines
A router ID is the unique identifier of a BGP router in an AS.
· To ensure the uniqueness of a router ID and enhance availability, specify in BGP instance view the IP address of a local loopback interface as the router ID. Different BGP instances can have the same router ID.
· If no router ID is specified in BGP instance view, the global router ID is used.
· To modify a non-zero router ID of a BGP instance , use the router-id command in BGP instance view, rather than the router id command in system view.
· If you specify a router ID in BGP instance view and then remove the interface that owns the router ID, the router does not select a new router ID. To select a new router ID, use the undo router-id command in BGP instance view.
Procedure
1. Enter system view.
system-view
2. Configure a global router ID.
router id router-id
By default, no global router ID is configured.
If no global router ID is configured, the following rules apply:
¡ If loopback interfaces configured with an IP address exist, BGP uses the highest loopback interface IP address as the router ID.
¡ If no loopback interface IP address is available, BGP uses the highest physical interface IP address as the route ID regardless of the interface status.
3. Enable BGP and enter BGP instance view.
bgp as-number [ instance instance-name ]
By default, BGP is disabled and no BGP instances exist.
4. (Optional.) Configure a router ID for the BGP instance.
router-id router-id
By default, no router ID is configured for a BGP instance, and the BGP instance uses the global router ID configured by the router-id command in system view.
5. (Optional.) Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
The specified VPN instance must have been created and have an RD.
6. (Optional.) Configure a router ID for the BGP VPN instance.
router-id { router-id | auto-select }
By default, no router ID is configured for a BGP VPN instance.
The BGP VPN instance uses the router ID configured in BGP instance view. If no router ID is configured in BGP instance view, the BGP VPN instance uses the global router ID configured in system view.
Configuring a BGP peer
Restrictions and guidelines
A BGP peer at an IPv6 link-local address must be directly connected to the local router. On the local router, you must use the peer connect-interface command to specify the interface directly connected to the BGP peer as the source interface of TCP connections.
To exchange IPv4 routes with an IPv6 peer or exchange IPv6 routes with an IPv4 peer, you must configure a routing policy to perform the following tasks:
· Change the next hop of IPv4 routes received from the IPv6 peer to the IPv4 address of the interface that connects the IPv6 peer to the local router.
· Change the next hop of IPv6 routes received from the IPv4 peer to the IPv6 address of the interface that connects the IPv4 peer to the local router.
Procedure (Exchanging IPv4 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an IPv4 BGP peer and specify its AS number.
peer ipv4-address as-number as-number
4. (Optional.) Configure a description for a peer.
peer ipv4-address description text
By default, no description is configured for a peer.
5. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
6. Enable the router to exchange IPv4 unicast routing information with the specified peer.
peer ipv4-address enable
By default, the router cannot exchange IPv4 unicast routing information with the peer.
Procedure (Exchanging IPv6 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IPv4 BGP peer and specify its AS number.
peer ipv4-address as-number as-number
4. (Optional.) Configure a description for the IPv4 peer.
peer ipv4-address description text
By default, no description is configured for an IPv4 peer.
5. Create the BGP IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
6. Enable BGP to exchange IPv6 unicast routing information with the IPv4 peer.
peer ipv4-address enable
By default, BGP cannot exchange IPv6 unicast routing information with an IPv4 peer.
7. Use a routing policy to modify the next hop of routes received from the IPv4 peer.
peer ipv4-address route-policy route-policy-name import
Procedure (Exchanging IPv6 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an IPv6 BGP peer and specify its AS number.
peer ipv6-address as-number as-number
4. (Optional.) Configure a description for a peer.
peer ipv6-address description text
By default, no description is configured for a peer.
5. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
6. Enable the router to exchange IPv6 unicast routing information with the specified peer.
peer ipv6-address enable
By default, the router cannot exchange IPv6 unicast routing information with the peer.
Procedure (Exchanging IPv4 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IPv6 BGP peer and specify its AS number.
peer ipv6-address as-number as-number
4. (Optional.) Configure a description for the IPv4 peer.
peer ipv6-address description text
By default, no description is configured for an IPv4 peer.
5. Create the BGP IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
6. Enable BGP to exchange IPv4 unicast routing information with the IPv6 peer.
peer ipv6-address enable
By default, BGP cannot exchange IPv4 unicast routing information with an IPv6 peer.
7. Use a routing policy to modify the next hop of routes received from the IPv6 peer.
peer ipv6-address route-policy route-policy-name import
Procedure (Exchanging IPv4 multicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IPv4 BGP peer and specify its AS number.
peer ipv4-address as-number as-number
4. (Optional.) Configure a description for the peer.
peer ipv4-address description text
By default, no description is configured for a peer.
5. Create the BGP IPv4 multicast address family and enter its view.
address-family ipv4 multicast
6. Enable the router to exchange IPv4 unicast routing information used for RPF check with the specified peer.
peer ipv4-address enable
By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peer.
Procedure (Exchanging IPv6 multicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IPv6 BGP peer and specify its AS number.
peer ipv6-address as-number as-number
4. (Optional.) Configure a description for the peer.
peer ipv6-address description text
By default, no description is configured for a peer.
5. Create the BGP IPv6 multicast address family and enter its view.
address-family ipv6 multicast
6. Enable the router to exchange IPv6 unicast routing information used for RPF check with the specified peer.
peer ipv6-address enable
By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peer.
Configuring dynamic BGP peers
About this task
This feature enables BGP to establish dynamic BGP peer relationships with devices in a network. BGP accepts connection requests from the network but it does not initiate connection requests to the network.
After a device in the network initiates a connection request, BGP establishes a dynamic peer relationship with the device.
If multiple BGP peers reside in the same network, you can use this feature to simplify BGP peer configuration.
Restrictions and guidelines
For a remote device to establish a peer relationship with the local device, you must specify the IP address of the local device on the remote device.
A BGP peer at an IPv6 link-local address must be directly connected to the local router. On the local router, you must use the peer connect-interface command to specify the interface directly connected to the BGP peer as the source interface of TCP connections.
To exchange IPv4 routes with an IPv6 peer or exchange IPv6 routes with an IPv4 peer, you must configure a routing policy to perform the following tasks:
· Change the next hop of IPv4 routes received from the IPv6 peer to the IPv4 address of the interface that connects the IPv6 peer to the local router.
· Change the next hop of IPv6 routes received from the IPv4 peer to the IPv6 address of the interface that connects the IPv4 peer to the local router.
Procedure (Exchanging IPv4 unicast routes with dynamic IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.
peer ipv4-address mask-length as-number as-number
4. (Optional.) Configure a description for dynamic BGP peers.
peer ipv4-address mask-length description text
By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
6. Enable BGP to exchange IPv4 unicast routing information with dynamic BGP peers in the specified network.
peer ipv4-address mask-length enable
By default, BGP cannot exchange IPv4 unicast routing information with dynamic BGP peers.
Procedure (Exchanging IPv6 unicast routes with dynamic IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify devices in an IPv4 network as dynamic IPv4 BGP peers and specify an AS number for the peers.
peer ipv4-address mask-length as-number as-number
4. (Optional.) Configure a description for the IPv4 peer.
peer ipv4-address mask-length description text
By default, no description is configured for dynamic peers.
5. Create the BGP IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
6. Enable BGP to exchange IPv6 unicast routing information with the dynamic IPv4 peers.
peer ipv4-address mask-length enable
By default, BGP cannot exchange IPv6 unicast routing information with dynamic IPv4 peers.
7. Use a routing policy to modify the next hop of routes received from the dynamic IPv4 peers.
peer ipv4-address mask-length route-policy route-policy-name import
Procedure (Exchanging IPv6 unicast routes with dynamic IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.
peer ipv6-address prefix-length as-number as-number
4. (Optional.) Configure a description for dynamic BGP peers.
peer ipv6-address prefix-length description text
By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
6. Enable BGP to exchange IPv6 unicast routing information with dynamic BGP peers in the specified network.
peer ipv6-address prefix-length enable
By default, BGP cannot exchange IPv6 unicast routing information with dynamic BGP peers.
Procedure (Exchanging IPv4 unicast routes with dynamic IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify devices in an IPv6 network as dynamic IPv6 BGP peers and specify an AS number for the peers.
peer ipv6-address prefix-length as-number as-number
4. (Optional.) Configure a description for the dynamic IPv6 peers.
peer ipv6-address prefix-length description text
By default, no description is configured for dynamic peers.
5. Create the BGP IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
6. Enable BGP to exchange IPv4 unicast routing information with dynamic IPv6 peers.
peer ipv6-address prefix-length enable
By default, BGP cannot exchange IPv4 unicast routing information with dynamic IPv6 peers.
7. Use a routing policy to modify the next hop of routes received from the dynamic IPv6 peers.
peer ipv6-address mask-length route-policy route-policy-name import
Procedure (Exchanging IPv4 multicast routes with dynamic IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.
peer ipv4-address mask-length as-number as-number
4. (Optional.) Configure a description for dynamic BGP peers.
peer ipv4-address mask-length description text
By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv4 multicast address family and enter its view.
address-family ipv4 multicast
6. Enable BGP to exchange IPv4 unicast routing information used for RPF check with dynamic BGP peers in the specified network.
peer ipv4-address mask-length enable
By default, BGP cannot exchange IPv4 unicast routing information used for RPF check with dynamic BGP peers.
Procedure (Exchanging IPv6 multicast routes with dynamic IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify devices in a network as dynamic BGP peers and specify an AS number for the peers.
peer ipv6-address prefix-length as-number as-number
4. (Optional.) Configure a description for dynamic BGP peers.
peer ipv6-address prefix-length description text
By default, no description is configured for dynamic BGP peers.
5. Create the BGP IPv6 multicast address family and enter its view.
address-family ipv6 multicast
6. Enable BGP to exchange IPv6 unicast routing information used for RPF check with dynamic BGP peers in the specified network.
peer ipv6-address prefix-length enable
By default, BGP cannot exchange IPv6 unicast routing information used for RPF check with dynamic BGP peers.
Configuring an IBGP peer group
About this task
A peer group is an IBGP peer group if peers in it belong to the same AS as the local router.
After you create an IBGP peer group and then add a peer into it, the system creates the peer in BGP instance view and specifies the local AS number for the peer.
Restrictions and guidelines
A BGP peer at an IPv6 link-local address must be directly connected to the local router. On the local router, you must use the peer connect-interface command to specify the interface directly connected to the BGP peer as the source interface of TCP connections.
To exchange IPv4 routes with an IPv6 peer or exchange IPv6 routes with an IPv4 peer, you must configure a routing policy to perform the following tasks:
· Change the next hop of IPv4 routes received from the IPv6 peer to the IPv4 address of the interface that connects the IPv6 peer to the local router.
· Change the next hop of IPv6 routes received from the IPv4 peer to the IPv6 address of the interface that connects the IPv4 peer to the local router.
If you configure a BGP setting at both the peer group and the peer level, the most recent configuration takes effect on the peer.
Procedure (Exchanging IPv4 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an IBGP peer group.
group group-name [ internal ]
4. Add a peer into the IBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
7. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information with the peers.
Procedure (Exchanging IPv6 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IBGP peer group.
group group-name [ internal ]
4. Add an IPv4 peer into the IBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
6. Create the BGP IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
7. Enable BGP to exchange IPv6 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv6 unicast routing information with peers in a peer group.
8. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Procedure (Exchanging IPv4 multicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IBGP peer group.
group group-name [ internal ]
4. Add an IPv4 peer into the IBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv4 multicast address family and enter its view.
address-family ipv4 multicast
7. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers in the peer group.
Procedure (Exchanging IPv6 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an IBGP peer group.
group group-name [ internal ]
4. Add a peer into the IBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
7. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information with the peers.
Procedure (Exchanging IPv4 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IBGP peer group.
group group-name [ internal ]
4. Add an IPv6 peer into the IBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
6. Create the BGP IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
7. Enable BGP to exchange IPv4 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv4 unicast routing information with peers in a peer group.
8. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Procedure (Exchanging IPv6 multicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an IBGP peer group.
group group-name [ internal ]
4. Add a peer into the IBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the local AS number.
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv6 multicast address family and enter its view.
address-family ipv6 multicast
7. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the peer group.
Configuring an EBGP peer group
About this task
A peer group is an EBGP peer group if peers in it belong to different ASs.
If peers in an EBGP group belong to the same external AS, the EBGP peer group is a pure EBGP peer group. If not, it is a mixed EBGP peer group.
Restrictions and guidelines
Use one of the following methods to configure an EBGP peer group:
· Method 1—Create an EBGP peer group, specify its AS number, and add peers into it. All the added peers have the same AS number. All peers in the peer group have the same AS number as the peer group. You can specify an AS number for a peer before adding it into the peer group. The AS number must be the same as that of the peer group.
· Method 2—Create an EBGP peer group, specify an AS number for a peer, and add the peer into the peer group. Peers added in the group can have different AS numbers.
· Method 3—Create an EBGP peer group and add a peer with an AS number into it. Peers added in the group can have different AS numbers.
To exchange IPv4 routes with an IPv6 peer or exchange IPv6 routes with an IPv4 peer, you must configure a routing policy to perform the following tasks:
· Change the next hop of IPv4 routes received from the IPv6 peer to the IPv4 address of the interface that connects the IPv6 peer to the local router.
· Change the next hop of IPv6 routes received from the IPv4 peer to the IPv6 address of the interface that connects the IPv4 peer to the local router.
If you configure a BGP setting at both the peer group and the peer level, the most recent configuration takes effect on the peer.
Configuring an EBGP peer group by using Method 1 (Exchanging IPv4 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an EBGP peer group.
group group-name external
4. Specify the AS number of the group.
peer group-name as-number as-number
By default, no AS number is specified.
If a peer group contains peers, you cannot remove or change its AS number.
5. Add a peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
8. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information with the peers.
Configuring an EBGP peer group by using Method 2 (Exchanging IPv4 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an EBGP peer group.
group group-name external
4. Create an IPv4 BGP peer and specify its AS number.
peer ipv4-address [ mask-length ] as-number as-number
5. Add the peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer ipv4-address [ mask-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
8. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information with the peers.
Configuring an EBGP peer group by using Method 3 (Exchanging IPv4 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an EBGP peer group.
group group-name external
4. Add a peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name as-number as-number
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
7. Enable the router to exchange IPv4 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information with the peers.
Configuring an EBGP peer group by using Method 1 (Exchanging IPv6 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Specify an AS number for the peer group.
peer group-name as-number as-number
By default, no AS number is specified for a peer group.
If a peer group contains peers, you cannot remove or change its AS number.
5. Add an IPv4 peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
7. Create the BGP IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
8. Enable BGP to exchange IPv6 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv6 unicast routing information with peers in a peer group.
9. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Configuring an EBGP peer group by using Method 2 (Exchanging IPv6 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Create an IPv4 BGP peer and specify its AS number.
peer ipv4-address [ mask-length ] as-number as-number
5. Add the IPv4 peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer ipv4-address [ mask-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
7. Create the BGP IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
8. Enable BGP to exchange IPv6 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv6 unicast routing information with peers in a peer group.
9. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Configuring an EBGP peer group by using Method 3 (Exchanging IPv6 unicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Add an IPv4 peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name as-number as-number
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
6. Create the BGP IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
7. Enable BGP to exchange IPv6 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv6 unicast routing information with peers in a peer group.
8. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Configuring an EBGP peer group by using Method 1 (Exchanging IPv4 multicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Specify the AS number of the group.
peer group-name as-number as-number
By default, no AS number is specified.
If a peer group contains peers, you cannot remove or change its AS number.
5. Add an IPv4 BGP peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv4 multicast address family and enter its view.
address-family ipv4 multicast
8. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers in the group.
Configuring an EBGP peer group by using Method 2 (Exchanging IPv4 multicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Create an IPv4 BGP peer and specify its AS number.
peer ipv4-address [ mask-length ] as-number as-number
5. Add the peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer ipv4-address [ mask-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv4 multicast address family and enter its view.
address-family ipv4 multicast
8. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers in the group.
Configuring an EBGP peer group by using Method 3 (Exchanging IPv4 multicast routes with IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Add an IPv4 BGP peer into the EBGP peer group.
peer ipv4-address [ mask-length ] group group-name as-number as-number
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv4 multicast address family and enter its view.
address-family ipv4 multicast
7. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers.
Configuring an EBGP peer group by using Method 1 (Exchanging IPv6 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an EBGP peer group.
group group-name external
4. Specify the AS number of the group.
peer group-name as-number as-number
By default, no AS number is specified.
If a peer group contains peers, you cannot remove or change its AS number.
5. Add a peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
8. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information with the peers.
Configuring an EBGP peer group by using Method 2 (Exchanging IPv6 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an EBGP peer group.
group group-name external
4. Create an IPv6 BGP peer and specify its AS number.
peer ipv6-address [ prefix-length ] as-number as-number
5. Add the peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer ipv6-address [ prefix-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
8. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information with the peers.
Configuring an EBGP peer group by using Method 3 (Exchanging IPv6 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Create an EBGP peer group.
group group-name external
4. Add a peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name as-number as-number
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view.
address-family ipv6 [ unicast ]
7. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information with the peers.
Configuring an EBGP peer group by using Method 1 (Exchanging IPv4 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Specify an AS number for the peer group.
peer group-name as-number as-number
By default, no AS number is specified for a peer group.
If a peer group contains peers, you cannot remove or change its AS number.
5. Add an IPv6 peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
7. Create the BGP IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
8. Enable BGP to exchange IPv4 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv4 unicast routing information with peers in a peer group.
9. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Configuring an EBGP peer group by using Method 2 (Exchanging IPv4 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Create an IPv6 BGP peer and specify its AS number.
peer ipv6-address [ prefix-length ] as-number as-number
5. Add the IPv6 peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer ipv6-address [ prefix-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
7. Create the BGP IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
8. Enable BGP to exchange IPv4 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv4 unicast routing information with peers in a peer group.
9. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Configuring an EBGP peer group by using Method 3 (Exchanging IPv4 unicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Add an IPv6 peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name as-number as-number
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for a peer group.
6. Create the BGP IPv4 unicast address family and enter its view.
address-family ipv4 [ unicast ]
7. Enable BGP to exchange IPv4 unicast routing information with peers in the peer group.
peer group-name enable
By default, BGP cannot exchange IPv4 unicast routing information with peers in a peer group.
8. Use a routing policy to modify the next hop of routes received from peers in the peer group.
peer group-name route-policy route-policy-name import
Configuring an EBGP peer group by using Method 1 (Exchanging IPv6 multicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Specify the AS number of the group.
peer group-name as-number as-number
By default, no AS number is specified.
If a peer group contains peers, you cannot remove or change its AS number.
5. Add an IPv6 BGP peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer group-name as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv6 multicast address family and enter its view.
address-family ipv6 multicast
8. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the group.
Configuring an EBGP peer group by using Method 2 (Exchanging IPv6 multicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Create an IPv6 BGP peer and specify its AS number.
peer ipv6-address [ prefix-length ] as-number as-number
5. Add the peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name [ as-number as-number ]
The as-number as-number option must specify the same AS number as the peer ipv6-address [ prefix-length ] as-number as-number command.
6. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
7. Create the BGP IPv6 multicast address family and enter its view.
address-family ipv6 multicast
8. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the group.
Configuring an EBGP peer group by using Method 3 (Exchanging IPv6 multicast routes with IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Create an EBGP peer group.
group group-name external
4. Add an IPv6 BGP peer into the EBGP peer group.
peer ipv6-address [ prefix-length ] group group-name as-number as-number
5. (Optional.) Configure a description for the peer group.
peer group-name description text
By default, no description is configured for the peer group.
6. Create the BGP IPv6 multicast address family and enter its view.
address-family ipv6 multicast
7. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.
peer group-name enable
By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the group.
Specifying the source address of TCP connections
About this task
BGP uses TCP as the transport layer protocol. Perform this task in the following scenarios to specify the source address or source interface of TCP connections to a peer or peer group:
· The peer's IPv4/IPv6 address does not belong to the interface directly connected to the local router. To ensure successful TCP connection establishment, use one of the following methods:
¡ Specify the interface to which the IPv4/IPv6 address belongs as the source interface on the peer.
¡ Specify the IPv4/IPv6 address of the interface directly connected to the local router as the source address on the peer.
· A BGP peer at an IPv6 link-local address must be directly connected to the local router. On the local router, you must use the peer connect-interface command to specify the interface directly connected to the BGP peer as the source interface of TCP connections.
· On a BGP router that has multiple links to a peer, the source interface for TCP connection changes because the primary source interface fails. To avoid this problem, specify a loopback interface as the source interface or specify the IP address of a loopback interface as the source address.
· You want to establish multiple BGP sessions to a router. In this case, BGP might fail to determine the source address for each TCP connection based on the optimal route to the peer. To prevent this problem, use one of the following methods:
¡ If the BGP sessions use IP addresses of different interfaces, specify a source interface or source address for each session.
¡ If the BGP sessions use different IP addresses of the same interface, specify a source address for each session.
· The source address of a TCP connection is borrowed by another interface. When the status of the interface changes, the BGP session cannot respond to the changes correctly. To resolve this problem, you must use the peer connect-interface command to specify the interface that borrows the source address as the source interface of the TCP connection.
Restrictions and guidelines
BGP immediately tears down the session to an IBGP peer or peer group when the following conditions exist:
· The source interface of TCP connections to the IBGP peer or peer group is a physical interface.
· The source interface fails and the link to the IBGP peer or peer group goes down.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Specify the source address or source interface of TCP connections to a peer or peer group.
¡ Specify the source address of TCP connections to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } source-address source-ipv4-address
¡ Specify the source interface of TCP connections to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } connect-interface interface-type interface-number
By default, BGP uses the primary IPv4 address of the output interface in the optimal route to a peer or peer group as the source address of TCP connections to the peer or peer group.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Specify the source IPv6 address or source interface of TCP connections to a peer or peer group.
¡ Specify the source IPv6 address of TCP connections to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } source-address source-ipv6-address
¡ Specify the source interface of TCP connections to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } connect-interface interface-type interface-number
By default, BGP uses the IPv6 address of the output interface in the optimal route to the BGP peer or peer group as the source address of TCP connections to the peer or peer group.
Controlling BGP route generation, advertisement, and reception
Injecting a local network
About this task
Perform this task to inject a network in the local routing table to the BGP routing table, so BGP can advertise the network to BGP peers. The ORIGIN attribute of BGP routes advertised in this way is IGP. You can also use a routing policy to control route advertisement.
The specified network must be available and active in the local IP routing table.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure BGP to advertise a local network.
network ipv4-address [ mask-length | mask ] [ route-policy route-policy-name ]
By default, BGP does not advertise local networks.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure BGP to advertise a local network.
network ipv6-address prefix-length [ route-policy route-policy-name ]
By default, BGP does not advertise local networks.
Redistributing IGP routes
About this task
Perform this task to configure route redistribution from an IGP to BGP.
By default, BGP does not redistribute default IGP routes. You can use the default-route imported command to redistribute default IGP routes into the BGP routing table.
The ORIGIN attribute of BGP routes redistributed from IGPs is INCOMPLETE.
Only active routes can be redistributed. To view route state information, use the display ip routing-table protocol or display ipv6 routing-table protocol command. For more information about the commands, see Layer 3—IP Routing Command Reference.
If you execute the import-route command multiple times for an IGP process, the most recent configuration takes effect. To redistribute more routes from an IGP process without overwriting the routes redistributed before, use the import-route-append command.
When you execute both the import-route and import-route-append commands for an IGP process, the commands take effect as follows:
· A route is redistributed as long as it matches the criteria of either command.
· If a route matches the criteria of both commands, the route is redistributed, and the apply clauses in the routing policies specified in the two commands take effect as follows:
¡ If the apply clauses do not conflict, all apply clauses take effect.
¡ If conflicts occur between the apply clauses, only the apply clauses in the import-route-append command take effect.
· The MED value specified by the import-route-append command takes precedence over that specified by the import-route command.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Enable route redistribution from the specified IGP into BGP.
¡ Redistribute IS-IS, OSPF, or RIP routes.
import-route { isis | ospf | rip } [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ]
¡ Redistribute direct or static routes.
import-route { direct | static | unr } [ med med-value | route-policy route-policy-name ]
By default, BGP does not redistribute IGP routes.
4. (Optional.) Redistribute routes from an IGP without overwriting the routes redistributed by the import-route command.
¡ Redistribute IS-IS, OSPF, or RIP routes.
import-route-append { isis | ospf | rip } [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ]
¡ Redistribute direct or static routes.
import-route-append { direct | static | unr } [ med med-value | route-policy route-policy-name ]
By default, BGP does not redistribute IGP routes.
5. (Optional.) Redistribute all static routes with the same destination address.
import-route multipath
This command is not supported in BGP IPv4 multicast address family view.
By default, BGP does not redistribute multiple static routes with the same destination address.
This command takes effect only when you execute both this command and the import-route or import-route-append command in the same address family view.
6. (Optional.) Enable default route redistribution into BGP.
default-route imported
By default, BGP does not redistribute default routes.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Enable route redistribution from the specified IGP into BGP.
¡ Redistribute IPv6 IS-IS, OSPFv3, or RIPng routes.
import-route { isisv6 | ospfv3 | ripng } [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ]
¡ Redistribute direct or static routes.
import-route { direct | static } [ med med-value | route-policy route-policy-name ]
By default, BGP does not redistribute IGP routes.
4. (Optional.) Redistribute routes from an IGP without overwriting the routes redistributed by the import-route command.
¡ Redistribute IPv6 IS-IS, OSPFv3, or RIPng routes.
import-route-append { isisv6 | ospfv3 | ripng } [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ]
¡ Redistribute direct or static routes.
import-route-append { direct | static } [ med med-value | route-policy route-policy-name ]
By default, BGP does not redistribute IGP routes.
5. (Optional.) Redistribute all static routes with the same destination address.
import-route multipath
This command is not supported in BGP IPv6 multicast address family view.
By default, BGP does not redistribute multiple static routes with the same destination address.
This command takes effect only when you execute both this command and the import-route or import-route-append command in the same address family view.
6. (Optional.) Enable default route redistribution into BGP.
default-route imported
By default, BGP does not redistribute default routes.
Configuring BGP route summarization
About this task
Route summarization can reduce the number of redistributed routes and the routing table size. IPv4 BGP supports automatic route summarization and manual route summarization. Manual summarization takes precedence over automatic summarization. IPv6 BGP supports only manual route summarization.
Automatic route summarization enables BGP to summarize IGP subnet routes redistributed by the import-route command, so BGP advertises only natural network routes.
By configuring manual route summarization, you can do the following:
· Summarize both redistributed routes and routes injected using the network command.
· Determine the mask length for a summary route.
Restrictions and guidelines for configuring BGP route summarization
The output interface of a BGP summary route is Null 0 on the originating router. Therefore, a summary route must not be an optimal route on the originating router. Otherwise, BGP will fail to forward packets matching the route. If a summarized specific route has the same mask as the summary route, but has a lower priority, the summary route becomes the optimal route. To ensure correct packet forwarding, change the priority of the summary or specific route to make the specific route the optimal route.
Configuring automatic route summarization (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure automatic route summarization.
summary automatic
By default, automatic route summarization is not configured.
Configuring manual route summarization (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Create a summary route in the BGP routing table.
aggregate ipv4-address { mask-length | mask } [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ] *
By default, no summary routes are configured.
Configuring BGP manual route summarization (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Create a summary route in the IPv6 BGP routing table.
aggregate ipv6-address prefix-length [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ] *
By default, no summary routes are configured.
Advertising optimal routes in the IP routing table
About this task
By default, BGP advertises optimal routes in the BGP routing table, which may not be optimal in the IP routing table. This task allows you to advertise BGP routes that are optimal in the IP routing table.
Procedure (IPv4 unicast)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable BGP to advertise optimal routes in the IP routing table.
advertise-rib-active
By default, BGP advertises optimal routes in the BGP routing table.
4. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
5. Enable BGP to advertise optimal routes in the IP routing table of the address family in the VPN instance.
advertise-rib-active
By default, the setting is the same as that in BGP instance view.
Procedure (IPv6 unicast)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable BGP to advertise optimal routes in the IPv6 routing table.
advertise-rib-active
By default, BGP advertises optimal routes in the BGP routing table.
4. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
5. Enable BGP to advertise optimal routes in the IPv6 routing table of the address family in the VPN instance.
advertise-rib-active
By default, the setting is the same as that in BGP instance view.
Advertising a default route to a peer or peer group
About this task
Perform this task to advertise a default BGP route with the next hop being the advertising router to a peer or peer group.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Advertise a default route to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } default-route-advertise [ route-policy route-policy-name ]
By default, no default route is advertised.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Advertise a default route to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } default-route-advertise [ route-policy route-policy-name ]
By default, no default route is advertised.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Limiting routes received from a peer or peer group
About this task
This feature can prevent attacks that send a large number of BGP routes to the router.
If the number of routes received from a peer or peer group exceeds the upper limit, the router takes one of the following actions based on your configuration:
· Tears down the BGP session to the peer or peer group and does not attempt to re-establish the session.
· Continues to receive routes from the peer or peer group and generates a log message.
· Retains the session to the peer or peer group, but it discards excess routes and generates a log message.
· Tears down the BGP session to the peer or peer group and, after a specific period of time, re-establishes a BGP session to the peer or peer group.
You can specify a percentage threshold for the router to generate a log message. When the ratio of the number of received routes to the maximum number reaches the percentage value, the router generates a log message.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Specify the maximum number of routes that a router can receive from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-limit prefix-number [ { alert-only | discard | reconnect reconnect-time } | percentage-value ] *
By default, the number of routes that a router can receive from a peer or peer group is not limited.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Specify the maximum number of routes that a router can receive from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-limit prefix-number [ { alert-only | discard | reconnect reconnect-time } | percentage-value ] *
By default, the number of routes that a router can receive from a peer or peer group is not limited.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Enabling prioritized withdrawal of the default route
About this task
Typically a BGP router does not send withdrawal messages of the default route prior to other routes to its peers. If the peer relationship is down, the default route cannot be withdrawn first. Traffic interruption might occur. Perform this task to configure BGP to send the withdrawal messages of the default route prior to other routes. This can reduce the traffic interruption time when the peer relationship is down.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable BGP to send withdrawal messages of the default route prior to other routes.
default-route update-first
By default, BGP does not send withdrawal messages of the default route prior to other routes.
Enabling prioritized withdrawal of specific routes
About this task
Perform this task to configure BGP to send the withdrawal messages of specific routes prior to other routes. This can achieve fast route switchover and reduce the traffic interruption time.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Enable BGP to send withdrawal messages of routes matching the specified routing policy prior to other routes.
update-first route-policy route-policy-name
By default, BGP does not send withdrawal messages of specific routes prior to other routes.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Enable BGP to send withdrawal messages of routes matching the specified routing policy prior to other routes.
update-first route-policy route-policy-name
By default, BGP does not send withdrawal messages of specific routes prior to other routes.
Configuring BGP route distribution filtering policies
About this task
To configure BGP route distribution filtering policies, use the following methods:
· Use an ACL or prefix list to filter routing information advertised to all peers.
· Use a routing policy, conditional advertisement policy (existent policy or nonexistent policy), ACL, AS path list, or prefix list to filter routing information advertised to a peer or peer group.
If you configure multiple filtering policies, apply them in the following sequence:
1. peer prefix-list export
2. peer filter-policy export
3. peer as-path-acl export
4. filter-policy export
5. peer advertise-policy exist-policy
6. peer advertise-policy non-exist-policy
7. peer route-policy export
Only routes passing all the configured policies can be advertised.
Prerequisites
Before you configure BGP routing filtering policies, configure the following filters used for route filtering as needed:
· ACL (see ACL and QoS Configuration Guide).
· Prefix list (see "Configuring routing policies").
· Routing policy (see "Configuring routing policies").
· AS path list (see "Configuring routing policies").
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure BGP route distribution filtering policies. Choose the options to configure as needed:
¡ Reference an ACL or IP prefix list to filter advertised BGP routes.
filter-policy { ipv4-acl-number | name ipv4-acl-name | prefix-list ipv4-prefix-list-name } export [ direct | isis process-id | ospf process-id | rip process-id | static | unr ]
¡ Specify a routing policy as the existent policy to control route advertisement.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-policy advertise-policy-name exist-policy exist-policy-name
This command is available only in BGP IPv4 unicast address family view.
¡ Specify a routing policy as the nonexistent policy to control route advertisement.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-policy advertise-policy-name non-exist-policy non-exist-policy-name
This command is available only in BGP IPv4 unicast address family view.
¡ Reference a routing policy to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-policy route-policy-name export
¡ Reference an ACL to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } filter-policy { ipv4-acl-number | name ipv4-acl-name } export
¡ Reference an AS path list to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } as-path-acl { as-path-acl-number | as-path-acl-name } export
¡ Reference an IPv4 prefix list to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } prefix-list ipv4-prefix-list-name export
By default, no BGP distribution filtering policy is configured.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure BGP route distribution filtering policies. Choose the options to configure as needed:
¡ Reference an ACL or IPv6 prefix list to filter advertised BGP routes.
filter-policy { ipv6-acl-number | name ipv6-acl-name | prefix-list ipv6-prefix-list-name } export [ direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ]
¡ Specify a routing policy as the existent policy to control route advertisement.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-policy advertise-policy-name exist-policy exist-policy-name
This command is available only in BGP IPv6 unicast address family view.
¡ Specify a routing policy as the nonexistent policy to control route advertisement.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-policy advertise-policy-name non-exist-policy non-exist-policy-name
This command is available only in BGP IPv6 unicast address family view.
¡ Reference a routing policy to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-policy route-policy-name export
¡ Reference an ACL to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } filter-policy { ipv6-acl-number | name ipv6-acl-name } export
¡ Reference an AS path list to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } as-path-acl { as-path-acl-number | as-path-acl-name } export
¡ Reference an IPv6 prefix list to filter BGP routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } prefix-list ipv6-prefix-list-name export
By default, no BGP distribution filtering policy is configured.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Setting the BGP route sending rate
About this task
If a device sends many new routes within a short time period, it might be unable to add the routes to the FIB before the peer device adds them. This might result in traffic forwarding failure. To avoid this problem, you can perform this task to set an appropriate route sending rate for the device.
Restrictions and guidelines
For a device with high performance, you can set a high BGP route sending rate as needed. For a device without high performance, set a relatively low BGP route sending rate as a best practice.
As a best practice to avoid route withdrawal failures, do not set the BGP route sending rate to 0 or a small value when network flapping occurs.
This task applies only to IPv4 unicast routes and IPv6 unicast routes.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Set the BGP route sending rate.
route-rate-limit rate
By default, the BGP route sending rate is not limited.
Configuring BGP route reception filtering policies
About this task
You can use the following methods to configure BGP route reception filtering policies:
· Use an ACL or prefix list to filter routing information received from all peers.
· Use a routing policy, ACL, AS path list, or prefix list to filter routing information received from a peer or peer group.
If you configure multiple filtering policies, apply them in the following sequence:
1. peer filter-policy import
2. peer prefix-list import
3. peer as-path-acl import
4. filter-policy import
5. peer route-policy import
Only routes passing all the configured policies can be received.
Prerequisites
Before you configure BGP route reception filtering policies, configure the following filters used for route filtering as needed:
· ACL (see ACL and QoS Configuration Guide).
· Prefix list (see "Configuring routing policies").
· Routing policy (see "Configuring routing policies").
· AS path list (see "Configuring routing policies").
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure BGP route reception filtering policies. Choose the options to configure as needed:
¡ Reference an ACL or IP prefix list to filter BGP routes received from all peers.
filter-policy { ipv4-acl-number | name ipv4-acl-name | prefix-list ipv4-prefix-list-name } import
¡ Reference a routing policy to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-policy route-policy-name import
¡ Reference an ACL to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } filter-policy { ipv4-acl-number | name ipv4-acl-name } import
¡ Reference an AS path list to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } as-path-acl { as-path-acl-number | as-path-acl-name } import
¡ Reference an IPv4 prefix list to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } prefix-list ipv4-prefix-list-name import
By default, no route reception filtering is configured.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure BGP route reception filtering policies. Choose the options to configure as needed:
¡ Reference ACL or IPv6 prefix list to filter BGP routes received from all peers.
filter-policy { ipv6-acl-number | name ipv6-acl-name | prefix-list ipv6-prefix-list-name } import
¡ Reference a routing policy to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-policy route-policy-name import
¡ Reference an ACL to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } filter-policy { ipv6-acl-number | name ipv6-acl-name } import
¡ Reference an AS path list to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } as-path-acl { as-path-acl-number | as-path-acl-name } import
¡ Reference an IPv6 prefix list to filter BGP routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } prefix-list ipv6-prefix-list-name import
By default, no route reception filtering is configured.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Configuring BGP route update delay
About this task
Perform this task to configure BGP to delay sending route updates on reboot to reduce traffic loss. With this feature enabled, BGP redistributes all routes from other neighbors on reboot, selects the optimal route, and then advertises it.
Restrictions and guidelines
You can specify a prefix list and configure BGP to immediately send route updates for routes that match the prefix list.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Configure BGP to delay sending route updates on reboot.
bgp update-delay on-startup seconds
By default, BGP immediately sends route updates on reboot.
4. (Optional.) Configure BGP to immediately send route updates for routes that match a prefix list.
bgp update-delay on-startup prefix-list ipv4-prefix-list-name
By default, no prefix list is specified to filter routes.
Configuring a startup policy for BGP route updates
About this task
Perform this task to configure BGP to send route updates with the specified attributes within the specified period after reboot.
As shown in Figure 11, if Router B restarts and sends route updates before route convergence completes, traffic sent from Router A through Router B might be lost. This feature enables Router B to send route updates with the specified attribute values within the specified period after reboot, so that Router A can forward traffic through Router C.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify the period after reboot within which the startup policy is effective.
bgp apply-policy on-startup duration seconds
By default, the startup policy does not take effect.
4. Specify a MED attribute value in the startup policy.
bgp policy on-startup med med-value
By default, the MED attribute value in the startup policy is 4294967295.
Configuring the SoO attribute
About this task
After you configure the SoO attribute for a BGP peer or peer group, BGP adds the SoO attribute into the route updates received from the BGP peer or peer group. In addition, before advertising route updates to the peer or peer group, BGP checks the SoO attribute of the route update against the configured SoO attribute. If they are the same, BGP does not advertise the route updates to the BGP peer or peer group.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure the SoO attribute for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } soo site-of-origin
By default, no SoO attribute is configured for a peer or peer group.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure the SoO attribute for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } soo site-of-origin
By default, no SoO attribute is configured for a peer or peer group.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Configuring the link bandwidth attribute
About this task
Perform this task to add the link bandwidth extended community attribute to routes received from a directly connected EBGP peer or peer group. The link bandwidth is the bandwidth of the interface directly connected to the EBGP peer or peer group. After BGP advertises the routes received from the EBGP peer or peer group to other IBGP peers, the IBGP peers can filter routes based on the link bandwidth attribute.
Restrictions and guidelines
This feature is applicable only to directly connected EBGP peers and peer groups.
If a directly connected EBGP peer or peer group changes to an indirectly connected one, BGP stops adding the link bandwidth attribute to routes received from the EBGP peer or peer group.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Execute the following commands in sequence to enter BGP IPv4 unicast address family view:
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address family view:
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Execute the following commands in sequence to enter BGP IPv4 multicast address family view:
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Enable BGP to add the link bandwidth attribute to routes received from an EBGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } bandwidth
By default, BGP does not add the link bandwidth attribute to routes received from an EBGP peer or peer group.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Execute the following commands in sequence to enter BGP IPv6 unicast address family view:
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Execute the following commands in sequence to enter BGP-VPN IPv6 unicast address family view:
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Execute the following commands in sequence to enter BGP IPv6 multicast address family view:
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Enable BGP to add the link bandwidth attribute to routes received from an EBGP peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } bandwidth
By default, BGP does not add the link bandwidth attribute to routes received from an EBGP peer or peer group.
Configuring BGP timers
Configuring the keepalive interval and hold time
About this task
BGP sends KEEPALIVE messages regularly to keep the BGP session between two routers.
If a router receives no KEEPALIVE or UPDATE message from a peer within the hold time, it tears down the session.
You can configure the keepalive interval and hold time globally or for a peer or peer group. The individual settings take precedence over the global settings.
The actual keepalive interval and hold time are determined as follows:
· If the hold time settings on the local and peer routers are different, the smaller setting is used. If the hold time is 0, BGP does not send KEEPALIVE messages to its peers and never tears down the session.
· If the keepalive interval is not 0, the actual keepalive interval is the smaller one between 1/3 of the hold time and the keepalive interval.
Restrictions and guidelines
The hold time must be a minimum of three times the keepalive interval.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure the keepalive interval and hold time. Choose the options to configure as needed:
¡ Configure the global keepalive interval and hold time.
timer keepalive keepalive hold holdtime
This command takes effect for new BGP sessions and does not affect existing sessions.
¡ Configure the keepalive interval and hold time for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } timer keepalive keepalive hold holdtime
By default, the keepalive interval is 60 seconds, and hold time is 180 seconds.
The timers configured with the timer and peer timer commands do not take effect until a session is re-established (for example, a session is reset).
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure the keepalive interval and hold time. Choose the options to configure as needed:
¡ Configure the global keepalive interval and hold time.
timer keepalive keepalive hold holdtime
This command takes effect for new BGP sessions and does not affect existing sessions.
¡ Configure the keepalive interval and hold time for a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } timer keepalive keepalive hold holdtime
By default, the keepalive interval is 60 seconds, and hold time is 180 seconds.
The timers configured with the timer and peer timer commands do not take effect until a session is re-established (for example, a session is reset).
Setting the session retry timer
About this task
To speed up session establishment to a peer or peer group and route convergence, set a small session retry timer. If the BGP session flaps, you can set a large session retry timer to reduce the impact.
Restrictions and guidelines
The timer set by the peer timer connect-retry command takes precedence over the timer set by the timer connect-retry command.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Set the session retry timer.
¡ Set the session retry timer for all peers or peer groups.
timer connect-retry retry-time
¡ Set the session retry timer for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } timer connect-retry retry-time
By default, the session retry timer is 32 seconds for a peer or peer group.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Set the session retry timer.
¡ Set the session retry timer for all peers or peer groups.
timer connect-retry retry-time
¡ Set the session retry timer for a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } timer connect-retry retry-time
By default, the session retry timer is 32 seconds for a peer or peer group.
Configuring the interval for sending updates for the same route
About this task
A BGP router sends an UPDATE message to its peers when a route is changed. If the route changes frequently, the BGP router keeps sending updates for the same route, resulting route flapping. To prevent this situation, perform this task to configure the interval for sending updates for the same route to a peer or peer group.
This feature does not take effect on withdrawn routes. For withdrawn routes, BGP sends the withdrawal messages immediately.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure the interval for sending updates for the same route to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } route-update-interval interval
By default, the interval is 15 seconds for an IBGP peer and 30 seconds for an EBGP peer.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure the interval for sending updates for the same route to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } route-update-interval interval
By default, the interval is 15 seconds for an IBGP peer and 30 seconds for an EBGP peer.
Setting an update delay for local MPLS labels
About this task
BGP includes local MPLS labels in advertised VPNv4 routes, VPNv6 routes, labeled IPv4 unicast routes, and labeled IPv6 unicast routes.
When a local label is changed, BGP removes the old label and advertises the new label. Traffic interruption occurs if BGP peers use the old label to forward packets before they learn the new label. To resolve this issue, set an update delay for local MPLS labels. BGP does not remove the old label before the update delay timer expires.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Set an update delay for local MPLS labels.
retain local-label retain-time
By default, the update delay is 60 seconds.
Configuring BGP logging and notifications
Enabling logging for session state changes
About this task
Perform this task to enable BGP to log BGP session establishment and disconnection events. To display the log information, use the display bgp peer ipv4 unicast log-info command or the display bgp peer ipv6 unicast log-info command. The logs are sent to the information center. The output rules of the logs (whether to output the logs and where to output) are determined by the information center configuration.
For more information about information center configuration, see Network Management and Monitoring Configuration Guide.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable logging for session state changes globally.
log-peer-change
By default, logging for session state changes is enabled globally.
4. (Optional.) Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
5. Enable logging for session state changes for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } log-change
By default, logging for session state changes is enabled for all peers and peer groups.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable logging for session state changes globally.
log-peer-change
By default, logging for session state changes is enabled globally.
4. (Optional.) Enter BGP-VPN instance view.
ip vpn-instance vpn-instance-name
5. Enable logging for session state changes for a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } log-change
By default, logging for session state changes is enabled for all peers and peer groups.
Enabling logging for BGP route flapping
About this task
This feature enables BGP to generate logs for BGP route flapping events that trigger log generation. The generated logs are sent to the information center. For the logs to be output correctly, you must also configure information center on the device. For more information about the information center, see Network Management and Monitoring Configuration Guide.
Procedure (IPv4 unicast/IPv4 multicast)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Enable logging for BGP route flapping.
log-route-flap monitor-time monitor-count [ log-count-limit | route-policy route-policy-name ] *
By default, logging for BGP route flapping is disabled.
Procedure (IPv6 unicast/IPv6 multicast)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Enable logging for BGP route flapping.
log-route-flap monitor-time monitor-count [ log-count-limit | route-policy route-policy-name ] *
By default, logging for BGP route flapping is disabled.
Configuring BGP network management
About this task
After you enable SNMP notifications for BGP, the device generates a notification when a BGP neighbor state change occurs. The notification includes the neighbor address, the error code and subcode of the most recent error, and the current neighbor state. For BGP notifications to be sent correctly, you must also configure SNMP on the device.
BGP does not know the BGP instance to which a managed MIB node belongs. To resolve this issue, configure different SNMP contexts for different BGP instances.
The device selects a MIB for an SNMP packet according to the context (for SNMPv3) or community name (for SNMPv1/v2c) in the following ways:
· For an SNMPv3 packet:
¡ The device selects the MIB of the default BGP instance if the packet does not carry a context and no SNMP context is configured for the default BGP instance.
¡ The device selects the MIB of a BGP instance if the packet meets the following conditions:
- Carries a context that is configured with the snmp-agent context command in system view.
- Matches the context of the BGP instance.
¡ The device does not process any MIBs in other situations.
· For an SNMPv1/v2c packet:
¡ The device selects the MIB of the default BGP instance if the following conditions are met:
- No community name-to-SNMP context mapping is configured with the snmp-agent community-map command in system view.
- No SNMP context is configured for the default BGP instance.
¡ The device selects the MIB of a BGP instance if the community name is mapped to an SNMP context and the context matches the context of the BGP instance.
¡ The device does not process any MIBs in other situations.
For more information about SNMP contexts and community names, see SNMP configuration in Network Management and Monitoring Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enable SNMP notifications for BGP.
snmp-agent trap enable bgp [ instance instance-name ]
By default, SNMP notifications for BGP are enabled.
3. Enter BGP instance view.
bgp as-number [ instance instance-name ]
4. Configure an SNMP context for the BGP instance.
snmp context-name context-name
By default, no SNMP context is configured for the BGP instance.
Display and maintenance commands for basic BGP network building
Displaying BGP
Execute display commands in any view.
Displaying BGP (IPv4 unicast address family)
|
Task |
Command |
|
Display BGP IPv4 unicast peer group information. |
display bgp [ instance instance-name ] group ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ group-name group-name ] |
|
Display information about a peer or peer group in BGP IPv4 unicast address family. |
display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address mask-length | { ipv4-address | group-name group-name } log-info | [ ipv4-address ] verbose ] display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address prefix-length | ipv6-address log-info | [ ipv6-address ] verbose ] display bgp [ instance instance-name ] peer ipv4 [ unicast ] vpn-instance-all [ verbose ] |
|
Display BGP IPv4 unicast routing information. |
display bgp [ instance instance-name ] routing-table ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address [ { mask-length | mask } [ longest-match ] ] | ipv4-address [ mask-length | mask ] advertise-info | as-path-acl { as-path-acl-number | as-path-acl-name } | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } | peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ ipv4-address [ mask-length | mask ] | statistics ] | statistics ] |
|
Display BGP IPv4 unicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address [ { mask-length | mask } [ longest-match ] ] | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display BGP peer and route summary information. |
display bgp [ instance instance-name ] ipv4 vpn-instance vpn-instance-name summary |
|
Display information about BGP peer relationship down events. |
display bgp [ instance instance-name ] troubleshooting [ event-count ] [ reverse ] |
|
Display BGP IPv4 unicast address family update group information. |
display bgp [ instance instance-name ] update-group ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address ] display bgp [ instance instance-name ] update-group ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address ] |
|
Display information about all BGP instances. |
display bgp instance-info |
|
Display information about routes advertised by the network command and shortcut routes configured by the network short-cut command. |
display bgp [ instance instance-name ] network ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] |
Displaying BGP (IPv6 unicast address family)
|
Task |
Command |
|
Display BGP IPv6 unicast peer group information. |
display bgp [ instance instance-name ] group ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ group-name group-name ] |
|
Display information about a peer or peer group in BGP IPv6 unicast address family. |
display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address prefix-length | { ipv6-address | group-name group-name } log-info | [ ipv6-address ] verbose ] display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address mask-length | ipv4-address log-info | [ ipv4-address ] verbose ] display bgp [ instance instance-name ] peer ipv6 [ unicast ] vpn-instance-all [ verbose ] |
|
Display BGP IPv6 unicast routing information. |
display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address prefix-length [ advertise-info ] | as-path-acl { as-path-acl-number | as-path-acl-name } | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } | peer ipv6-address { advertised-routes | received-routes } [ ipv6-address prefix-length | statistics ] | statistics ] display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] peer ipv4-address { advertised-routes | received-routes } [ ipv6-address prefix-length | statistics ] |
|
Display BGP IPv6 unicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address prefix-length | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display BGP peer and route summary information. |
display bgp [ instance instance-name ] ipv6 vpn-instance vpn-instance-name summary |
|
Display information about BGP peer relationship down events. |
display bgp [ instance instance-name ] troubleshooting [ event-count ] [ reverse ] |
|
Display BGP IPv6 unicast address family update group information. |
display bgp [ instance instance-name ] update-group ipv6 [ unicast ] [ ipv4-address | ipv6-address ] display bgp [ instance instance-name ] update-group ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address ] |
|
Display information about all BGP instances. |
display bgp instance-info |
|
Display information about routes advertised by the network command and shortcut routes configured by the network short-cut command. |
display bgp [ instance instance-name ] network ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] |
Displaying BGP (IPv4 multicast address family)
|
Task |
Command |
|
Display BGP IPv4 multicast peer group information. |
display bgp [ instance instance-name ] group ipv4 multicast [ group-name group-name ] |
|
Display BGP IPv4 multicast peer or peer group information. |
display bgp [ instance instance-name ] peer ipv4 multicast [ ipv4-address mask-length | { ipv4-address | group-name group-name } log-info | [ ipv4-address ] verbose ] |
|
Display BGP IPv4 multicast routing information. |
display bgp [ instance instance-name ] routing-table ipv4 multicast [ ipv4-address [ { mask-length | mask } [ longest-match ] ] | ipv4-address [ mask-length | mask ] advertise-info | as-path-acl { as-path-acl-number | as-path-acl-name } | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } | peer ipv4-address { advertised-routes | received-routes } [ ipv4-address [ mask-length | mask ] | statistics ] | statistics ] |
|
Display BGP IPv4 multicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv4 multicast [ ipv4-address [ { mask-length | mask } [ longest-match ] ] | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display BGP path attribute information. |
display bgp [ instance instance-name ] paths [ as-regular-expression ] |
|
Display information about BGP peer relationship down events. |
display bgp [ instance instance-name ] troubleshooting [ event-count ] [ reverse ] |
|
Display BGP IPv4 multicast address family update group information. |
display bgp [ instance instance-name ] update-group ipv4 multicast [ ipv4-address ] |
|
Display information about all BGP instances. |
display bgp instance-info |
|
Display information about routes advertised by the network command and shortcut routes configured by the network short-cut command. |
display bgp [ instance instance-name ] network ipv4 multicast |
Displaying BGP (IPv6 multicast address family)
|
Task |
Command |
|
Display BGP IPv6 multicast peer group information. |
display bgp [ instance instance-name ] group ipv6 multicast [ group-name group-name ] |
|
Display BGP IPv6 multicast peer or peer group information. |
display bgp [ instance instance-name ] peer ipv6 multicast [ ipv6-address prefix-length | { ipv6-address | group-name group-name } log-info | [ ipv6-address ] verbose ] |
|
Display BGP IPv6 multicast routing information. |
display bgp [ instance instance-name ] routing-table ipv6 multicast [ ipv6-address prefix-length [ advertise-info ] | as-path-acl { as-path-acl-number | as-path-acl-name } | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } | peer ipv6-address { advertised-routes | received-routes } [ ipv6-address prefix-length | statistics ] | statistics ] |
|
Display BGP IPv6 multicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv6 multicast [ ipv6-address prefix-length | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display BGP path attribute information. |
display bgp [ instance instance-name ] paths [ as-regular-expression ] |
|
Display information about BGP peer relationship down events. |
display bgp [ instance instance-name ] troubleshooting [ event-count ] [ reverse ] |
|
Display BGP IPv6 multicast address family update group information. |
display bgp [ instance instance-name ] update-group ipv6 multicast [ ipv6-address ] |
|
Display information about all BGP instances. |
display bgp instance-info |
|
Display information about routes advertised by the network command and shortcut routes configured by the network short-cut command. |
display bgp [ instance instance-name ] network ipv6 multicast |
Resetting BGP sessions
Execute reset commands in user view.
|
Task |
Command |
|
Reset all BGP sessions. |
reset bgp [ instance instance-name ] all |
|
Reset BGP sessions for IPv4 unicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv4-address [ mask-length ] | all | external | group group-name | internal } ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] reset bgp ipv6-address [ mask-length ] ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] |
|
Reset BGP sessions for IPv6 unicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv6-address [ prefix-length ] | all | external | group group-name | internal } ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] reset bgp ipv4-address [ mask-length ] ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] |
|
Reset BGP sessions for IPv4 multicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv4-address [ mask-length ] | all | external | group group-name | internal } ipv4 multicast |
|
Reset BGP sessions for IPv6 multicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv6-address [ prefix-length ] | all | external | group group-name | internal } ipv6 multicast |
Clearing BGP information
Execute reset commands in user view.
|
Task |
Command |
|
Clear flap information for BGP IPv4 unicast routes. |
reset bgp [ instance instance-name ] flap-info ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address [ mask-length | mask ] | as-path-acl { as-path-acl-number | as-path-acl-name } | peer ipv4-address [ mask-length ] ] |
|
Clear flap information for BGP IPv6 unicast routes. |
reset bgp [ instance instance-name ] flap-info ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address prefix-length | as-path-acl { as-path-acl-number | as-path-acl-name } | peer ipv6-address [ prefix-length ] ] |
|
Clear flap information for BGP IPv4 multicast routes. |
reset bgp [ instance instance-name ] flap-info ipv4 multicast [ ipv4-address [ mask-length | mask ] | as-path-acl { as-path-acl-number | as-path-acl-name } | peer ipv4-address [ mask-length ] ] |
|
Clear flap information for BGP IPv6 multicast routes. |
reset bgp [ instance instance-name ] flap-info ipv6 multicast [ ipv6-address prefix-length | as-path-acl { as-path-acl-number | as-path-acl-name } | peer ipv6-address [ prefix-length ] ] |
Basic IPv4 BGP network configuration examples
Example: Configuring basic BGP
Network configuration
As shown in Figure 12, all routers run BGP. Run EBGP between Router A and Router B, and run IBGP between Router B and Router C to allow Router C to access network 8.1.1.0/24 connected to Router A.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure IBGP:
¡ To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections.
¡ Because loopback interfaces are virtual interfaces, you need to use the peer connect-interface command to specify the loopback interface as the source interface for establishing BGP connections.
¡ Enable OSPF in AS 65009 to ensure that Router B can communicate with Router C through loopback interfaces.
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 65009
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 3.3.3.3 as-number 65009
[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 3.3.3.3 enable
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
[RouterB] ospf 1
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[RouterB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 65009
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 2.2.2.2 as-number 65009
[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 2.2.2.2 enable
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
[RouterC] ospf 1
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
[RouterC] display bgp peer ipv4
BGP local router ID : 3.3.3.3
Local AS number : 65009
Total number of peers : 1 Peers in established state : 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.2.2.2 65009 7 10 0 0 00:06:09 Established
The output shows that Router C has established an IBGP peer relationship with Router B.
3. Configure EBGP:
¡ The EBGP peers, Router A and Router B (usually in different ISPs), are located in different ASs. Typically, their loopback interfaces are not reachable to each other, so directly connected interfaces are used for establishing EBGP sessions.
¡ To enable Router C to access the network 8.1.1.0/24 connected directly to Router A, inject network 8.1.1.0/24 to the BGP routing table of Router A.
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 65008
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 3.1.1.1 as-number 65009
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 3.1.1.1 enable
[RouterA-bgp-default-ipv4] network 8.1.1.0 24
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp-default] peer 3.1.1.2 as-number 65008
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 3.1.1.2 enable
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
# Display BGP peer information on Router B.
[RouterB] display bgp peer ipv4
BGP local router ID : 2.2.2.2
Local AS number : 65009
Total number of peers : 2 Peers in established state : 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
3.3.3.3 65009 12 10 0 3 00:09:16 Established
3.1.1.2 65008 3 3 0 1 00:00:08 Established
The output shows that Router B has established an IBGP peer relationship with Router C and an EBGP peer relationship with Router A.
# Display the BGP routing table on Router A.
[RouterA] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 8.1.1.0/24 8.1.1.1 0 32768 i
# Display the BGP routing table on Router B.
[RouterB] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 8.1.1.0/24 3.1.1.2 0 0 65008i
# Display the BGP routing table on Router C.
[RouterC] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
i 8.1.1.0/24 3.1.1.2 0 100 0 65008i
The outputs show that Router A has no route to AS 65009, and Router C has learned network 8.1.1.0, but the next hop 3.1.1.2 is unreachable. As a result, the route is invalid.
4. Redistribute direct routes:
Configure BGP to redistribute direct routes on Router B, so Router A can obtain the route to 9.1.1.0/24, and Router C can obtain the route to 3.1.1.0/24.
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] import-route direct
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
# Display the BGP routing table on Router A.
[RouterA] display bgp routing-table ipv4
Total number of routes: 4
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 2.2.2.2/32 3.1.1.1 0 0 65009?
* >e 3.1.1.0/24 3.1.1.1 0 0 65009?
* > 8.1.1.0/24 8.1.1.1 0 32768 i
* >e 9.1.1.0/24 3.1.1.1 0 0 65009?
Two routes 2.2.2.2/32 and 9.1.1.0/24 have been added in Router A's routing table.
# Display the BGP routing table on Router C.
[RouterC] display bgp routing-table ipv4
Total number of routes: 4
BGP local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 2.2.2.2/32 2.2.2.2 0 100 0 ?
* >i 3.1.1.0/24 2.2.2.2 0 100 0 ?
* >i 8.1.1.0/24 3.1.1.2 0 100 0 65008i
* >i 9.1.1.0/24 2.2.2.2 0 100 0 ?
The output shows that the route 8.1.1.0 has become valid and the next hop is Router A.
Verifying the configuration
# Verify that Router C can ping 8.1.1.1.
[RouterC] ping 8.1.1.1
Ping 8.1.1.1 (8.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 8.1.1.1: icmp_seq=0 ttl=255 time=5.311 ms
56 bytes from 8.1.1.1: icmp_seq=1 ttl=255 time=1.719 ms
56 bytes from 8.1.1.1: icmp_seq=2 ttl=255 time=1.502 ms
56 bytes from 8.1.1.1: icmp_seq=3 ttl=255 time=1.809 ms
56 bytes from 8.1.1.1: icmp_seq=4 ttl=255 time=1.701 ms
--- Ping statistics for 8.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.502/2.048/5.311/1.455 ms
Example: Configuring BGP and IGP route redistribution
Network configuration
As shown in Figure 13, all devices of company A belong to AS 65008 and all devices of company B belong to AS 65009.
Configure BGP and IGP route redistribution to allow Router A to access network 9.1.2.0/24 in AS 65009, and Router C to access network 8.1.1.0/24 in AS 65008.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure OSPF:
Enable OSPF in AS 65009, so Router B can obtain the route to 9.1.2.0/24.
# Configure Router B.
<RouterB> system-view
[RouterB] ospf 1
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[RouterB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure Router C.
<RouterC> system-view
[RouterC] ospf 1
[RouterC-ospf-1] import-route direct
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
3. Configure the EBGP connection:
Configure the EBGP connection and inject network 8.1.1.0/24 to the BGP routing table of Router A, so Router B can obtain the route to 8.1.1.0/24.
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 65008
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 3.1.1.1 as-number 65009
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 3.1.1.1 enable
[RouterA-bgp-default-ipv4] network 8.1.1.0 24
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router B.
[RouterB] bgp 65009
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 3.1.1.2 as-number 65008
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 3.1.1.2 enable
4. Configure BGP and IGP route redistribution:
¡ Configure BGP to redistribute routes from OSPF on Router B, so Router A can obtain the route to 9.1.2.0/24.
¡ Configure OSPF to redistribute routes from BGP on Router B, so that Router C can obtain the route to 8.1.1.0/24.
# Configure route redistribution between BGP and OSPF on Router B.
[RouterB-bgp-default-ipv4] import-route ospf 1
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
[RouterB] ospf 1
[RouterB-ospf-1] import-route bgp
[RouterB-ospf-1] quit
# Display the BGP routing table on Router A.
[RouterA] display bgp routing-table ipv4
Total number of routes: 3
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 3.3.3.3/32 3.1.1.1 1 0 65009?
* > 8.1.1.0/24 8.1.1.1 0 32768 i
* >e 9.1.2.0/24 3.1.1.1 1 0 65009?
# Display the OSPF routing table on Router C.
[RouterC] display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Table
Topology base (MTID 0)
Routing for network
Destination Cost Type NextHop AdvRouter Area
9.1.1.0/24 1 Transit 9.1.1.2 3.3.3.3 0.0.0.0
2.2.2.2/32 1 Stub 9.1.1.1 2.2.2.2 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
8.1.1.0/24 1 Type2 1 9.1.1.1 2.2.2.2
Total nets: 3
Intra area: 2 Inter Area: 0 ASE: 1 NSSA: 0
Verifying the configuration
# Use ping to test connectivity.
[RouterA] ping -a 8.1.1.1 9.1.2.1
Ping 9.1.2.1 (9.1.2.1) from 8.1.1.1: 56 data bytes, press CTRL+C to break
56 bytes from 9.1.2.1: icmp_seq=0 ttl=254 time=10.000 ms
56 bytes from 9.1.2.1: icmp_seq=1 ttl=254 time=12.000 ms
56 bytes from 9.1.2.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 9.1.2.1: icmp_seq=3 ttl=254 time=7.000 ms
56 bytes from 9.1.2.1: icmp_seq=4 ttl=254 time=9.000 ms
--- Ping statistics for 9.1.2.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/8.000/12.000/3.406 ms
[RouterC] ping -a 9.1.2.1 8.1.1.1
Ping 8.1.1.1 (8.1.1.1) from 9.1.2.1: 56 data bytes, press CTRL+C to break
56 bytes from 8.1.1.1: icmp_seq=0 ttl=254 time=9.000 ms
56 bytes from 8.1.1.1: icmp_seq=1 ttl=254 time=4.000 ms
56 bytes from 8.1.1.1: icmp_seq=2 ttl=254 time=3.000 ms
56 bytes from 8.1.1.1: icmp_seq=3 ttl=254 time=3.000 ms
56 bytes from 8.1.1.1: icmp_seq=4 ttl=254 time=3.000 ms
--- Ping statistics for 8.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.000/4.400/9.000/2.332 ms
Example: Configuring dynamic BGP peers
Network configuration
As shown in Figure 14, Router A needs to establish IBGP peer relationships with Router B, Router C, and Router D in network 10.1.0.0/16. Configure dynamic BGP peers to simplify the configuration.
Configure Router A as the route reflector, and configure Router B, Router C, and Router D as its clients.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure IBGP peer relationships:
# Configure Router A to establish dynamic BGP peer relationships with routers in network 10.1.0.0/16.
<RouterA> system-view
[RouterA] bgp 200
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 10.1.0.0 16 as-number 200
[RouterA-bgp-default] address-family ipv4
[RouterA-bgp-default-ipv4] peer 10.1.0.0 16 enable
# Configure Router B to establish an IBGP peer relationship with Router A.
<RouterB> system-view
[RouterB] bgp 200
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 10.1.1.1 as-number 200
[RouterB-bgp-default] address-family ipv4
[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable
# Configure Router C to establish an IBGP peer relationship with Router A.
<RouterC> system-view
[RouterC] bgp 200
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 10.1.2.1 as-number 200
[RouterC-bgp-default] address-family ipv4
[RouterC-bgp-default-ipv4] peer 10.1.2.1 enable
# Configure Router D to establish an IBGP peer relationship with Router A.
<RouterD> system-view
[RouterD] bgp 200
[RouterD-bgp-default] router-id 4.4.4.4
[RouterD-bgp-default] peer 10.1.3.1 as-number 200
[RouterD-bgp-default] address-family ipv4
[RouterD-bgp-default-ipv4] peer 10.1.3.1 enable
# Display BGP peer information on Router A. The output shows that Router A has established IBGP peer relationships with Router B, Router C, and Router D.
[RouterA] display bgp peer ipv4
BGP local router ID : 1.1.1.1
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
*10.1.1.2 200 7 10 0 0 00:06:09 Established
*10.1.2.2 200 7 10 0 0 00:06:09 Established
*10.1.3.2 200 7 10 0 0 00:06:09 Established
3. Configure Router A as the route reflector, and configure peers in network 10.1.0.0/16 as its clients.
[RouterA-bgp-default-ipv4] peer 10.1.0.0 16 reflect-client
4. Configure Router C to advertise network 9.1.1.0/24.
[RouterC-bgp-default-ipv4] network 9.1.1.0 24
Verifying the configuration
# Verify that route 9.1.1.0/24 exists in the BGP routing table on Router A, Router B, Router D. This example uses Router A.
[RouterA-bgp-default] display bgp routing-table ipv4
Total Number of Routes: 1
BGP Local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* i 9.1.1.0/24 10.1.2.2 0 100 0 ?
Example: Configuring BGP route summarization
Network configuration
As shown in Figure 15, run EBGP between Router C and Router D, so the internal network and external network can communicate with each other.
· In AS 65106, perform the following configurations so the devices in the internal network can communicate:
¡ Configure static routing between Router A and Router B.
¡ Configure OSPF between Router B and Router C.
¡ Configure OSPF to redistribute static routes.
· Configure route summarization on Router C so BGP advertises a summary route instead of advertising routes to the 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 networks to Router D.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure static routing between Router A and Router B:
# Configure a default route with the next hop 192.168.212.1 on Router A.
<RouterA> system-view
[RouterA] ip route-static 0.0.0.0 0 192.168.212.1
# Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Router B.
<RouterB> system-view
[RouterB] ip route-static 192.168.64.0 24 192.168.212.161
[RouterB] ip route-static 192.168.74.0 24 192.168.212.161
[RouterB] ip route-static 192.168.99.0 24 192.168.212.161
3. Configure OSPF between Router B and Router C and configure OSPF on Router B to redistribute static routes:
# Configure OSPF to advertise the local network and enable OSPF to redistribute static routes on Router B.
[RouterB] ospf
[RouterB-ospf-1] area 0
[RouterB-ospf-1-area-0.0.0.0] network 172.17.100.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] import-route static
[RouterB-ospf-1] quit
# Configure OSPF to advertise local networks on Router C.
[RouterC] ospf
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 172.17.100.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 10.220.2.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Display the IP routing table on Router C.
[RouterC] display ip routing-table protocol ospf
Summary count : 5
OSPF Routing table status : <Active>
Summary count : 3
Destination/Mask Proto Pre Cost NextHop Interface
192.168.64.0/24 OSPF 150 1 172.17.100.1 HGE1/0/1
192.168.74.0/24 OSPF 150 1 172.17.100.1 HGE1/0/1
192.168.99.0/24 OSPF 150 1 172.17.100.1 HGE1/0/1
OSPF Routing table status : <Inactive>
Summary count : 2
Destination/Mask Proto Pre Cost NextHop Interface
10.220.2.0/24 OSPF 10 1 10.220.2.16 HGE1/0/2
172.17.100.0/24 OSPF 10 1 172.17.100.2 HGE1/0/1
The output shows that Router C has learned routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 through OSPF.
4. Configure BGP between Router C and Router D and configure BGP on Router C to redistribute OSPF routes:
# On Router C, enable BGP, specify Router D as an EBGP peer, and configure BGP to redistribute OSPF routes.
[RouterC] bgp 65106
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 10.220.2.217 as-number 64631
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 10.220.2.217 enable
[RouterC-bgp-default-ipv4] import-route ospf
# Enable BGP, and configure Router C as an EBGP peer on Router D.
[RouterD] bgp 64631
[RouterD-bgp-default] router-id 4.4.4.4
[RouterD-bgp-default] peer 10.220.2.16 as-number 65106
[RouterD-bgp-default] address-family ipv4 unicast
[RouterD-bgp-default-ipv4] peer 10.220.2.16 enable
[RouterD-bgp-default-ipv4] quit
[RouterD-bgp-default] quit
# Display routing table information on Router D.
[RouterD] display ip routing-table protocol bgp
Summary count : 3
BGP Routing table status : <Active>
Summary count : 3
Destination/Mask Proto Pre Cost NextHop Interface
192.168.64.0/24 BGP 255 1 10.220.2.16 HGE1/0/1
192.168.74.0/24 BGP 255 1 10.220.2.16 HGE1/0/1
192.168.99.0/24 BGP 255 1 10.220.2.16 HGE1/0/1
BGP Routing table status : <Inactive>
Summary count : 0
The output shows that Router D has learned routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 through BGP.
# Ping the hosts on networks 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 from Router D. The ping operations succeed.
5. Configure route summarization on Router C to summarize 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 into a single route 192.168.64.0/18, and disable advertisement of specific routes.
[RouterC-bgp-default-ipv4] aggregate 192.168.64.0 18 detail-suppressed
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
Verifying the configuration
# Display IP routing table information on Router C.
[RouterC] display ip routing-table | include 192.168
192.168.64.0/18 BGP 130 0 127.0.0.1 NULL0
192.168.64.0/24 OSPF 150 1 172.17.100.1 HGE1/0/1
192.168.74.0/24 OSPF 150 1 172.17.100.1 HGE1/0/1
192.168.99.0/24 OSPF 150 1 172.17.100.1 HGE1/0/1
The output shows that Router C has a summary route 192.168.64.0/18 with the output interface Null 0.
# Display the IP routing table information on Router D.
[RouterD] display ip routing-table protocol bgp
Summary count : 1
BGP Routing table status : <Active>
Summary count : 1
Destination/Mask Proto Pre Cost NextHop Interface
192.168.64.0/18 BGP 255 0 10.220.2.16 HGE1/0/1
BGP Routing table status : <Inactive>
Summary count : 0
The output shows that Router D has only one route 192.168.64.0/18 to AS 65106.
# Verify that Router D can ping the hosts on subnets 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24. (Details not shown.)
Example: Configuring multicast BGP
Network configuration
As shown in Figure 16, OSPF runs within AS 100 and AS 200 to ensure intra-AS connectivity. MBGP runs between the two ASs to exchange IPv4 unicast routes used for RPF check.
· Configure the Loopback 0 interface of Router A and Router B as the C-BSR and C-RP.
· Configure Router A and Router B to establish a Multicast Source Discovery Protocol (MSDP) peer relationship through MBGP, so that the receiver can receive multicast traffic from the source.
Table 2 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Source |
N/A |
10.110.1.100/24 |
Router C |
HGE1/0/1 |
10.110.2.1/24 |
|
Router A |
HGE1/0/1 |
10.110.1.1/24 |
|
HGE1/0/2 |
192.168.2.1/24 |
|
|
HGE1/0/2 |
192.168.1.1/24 |
|
HGE1/0/3 |
192.168.4.2/24 |
|
|
Loop0 |
1.1.1.1/32 |
|
Loop0 |
3.3.3.3/32 |
|
Router B |
HGE1/0/1 |
192.168.1.2/24 |
Router D |
HGE1/0/1 |
192.168.3.2/24 |
|
|
HGE1/0/2 |
192.168.3.1/24 |
|
HGE1/0/2 |
192.168.4.2/24 |
|
|
HGE1/0/3 |
192.168.2.1/24 |
|
Loop0 |
4.4.4.4/32 |
|
|
Loop0 |
2.2.2.2/32 |
|
|
|
Procedure
|
|
IMPORTANT: By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface. |
1. Configure IP addresses for interfaces and configure OSPF (this example uses OSPF process 1) in AS 200 to ensure intra-AS connectivity. (Details not shown.)
2. Enable IP multicast routing, PIM-SM, and IGMP, and configure BSR boundaries:
# On Router A, enable multicast routing globally, and enable PIM-SM on interfaces.
<RouterA> system-view
[RouterA] multicast routing
[RouterA-mrib] quit
[RouterA] interface hundredgige 1/0/1
[RouterA-HundredGigE1/0/1] pim sm
[RouterA-HundredGigE1/0/1] quit
[RouterA] interface hundredgige 1/0/2
[RouterA-HundredGigE1/0/2] pim sm
[RouterA-HundredGigE1/0/2] quit
# Configure Router B and Router D in the same way that Router A was configured.
# On Router C, enable multicast routing globally.
<RouterC> system-view
[RouterC] multicast routing
[RouterC-mrib] quit
# Enable PIM-SM on interfaces, and enable IGMP on HundredGigE 1/0/1.
[RouterC] interface hundredgige 1/0/2
[RouterC-HundredGigE1/0/2] pim sm
[RouterC-HundredGigE1/0/2] quit
[RouterC] interface hundredgige 1/0/3
[RouterC-HundredGigE1/0/3] pim sm
[RouterC-HundredGigE1/0/3] quit
[RouterC] interface hundredgige 1/0/1
[RouterC-HundredGigE1/0/1] pim sm
[RouterC-HundredGigE1/0/1] igmp enable
[RouterC-HundredGigE1/0/1] quit
# Configure the BSR boundary on Router A.
[RouterA] interface hundredgige 1/0/2
[RouterA-HundredGigE1/0/2] pim bsr-boundary
[RouterA-HundredGigE1/0/2] quit
# Configure the BSR boundary on Router B.
[RouterB] interface hundredgige 1/0/1
[RouterB-HundredGigE1/0/1] pim bsr-boundary
[RouterB-HundredGigE1/0/1] quit
3. Configure Loopback 0, C-BSR, and C-RP:
# Configure the Loopback 0 interface and specify it as the C-BSR and C-RP on Router A.
[RouterA] interface loopback 0
[RouterA-LoopBack0] ip address 1.1.1.1 32
[RouterA-LoopBack0] pim sm
[RouterA-LoopBack0] quit
[RouterA] pim
[RouterA-pim] c-bsr 1.1.1.1
[RouterA-pim] c-rp 1.1.1.1
[RouterA-pim] quit
# Configure the Loopback 0 interface and specify it as the C-BSR and C-RP on Router B.
[RouterB] interface loopback 0
[RouterB-LoopBack0] ip address 2.2.2.2 32
[RouterB-LoopBack0] pim sm
[RouterB-LoopBack0] quit
[RouterB] pim
[RouterB-pim] c-bsr 2.2.2.2
[RouterB-pim] c-rp 2.2.2.2
[RouterB-pim] quit
4. Configure BGP to establish BGP IPv4 multicast peers and redistribute routes:
# On Router A, establish an EBGP session to Router B.
[RouterA] bgp 100
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 192.168.1.2 as-number 200
# Enable exchange of IPv4 unicast routes used for RPF check with Router B.
[RouterA-bgp-default] address-family ipv4 multicast
[RouterA-bgp-default-mul-ipv4] peer 192.168.1.2 enable
# Redistribute direct routes into BGP.
[RouterA-bgp-default-mul-ipv4] import-route direct
[RouterA-bgp-default-mul-ipv4] quit
[RouterA-bgp-default] quit
# On Router B, establish an EBGP session to Router A.
[RouterB] bgp 200
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 192.168.1.1 as-number 100
# Enable exchange of IPv4 unicast routes used for RPF check with Router B.
[RouterB-bgp-default] address-family ipv4 multicast
[RouterB-bgp-default-mul-ipv4] peer 192.168.1.1 enable
# Redistribute OSPF routes into BGP.
[RouterB-bgp-default-mul-ipv4] import-route ospf 1
[RouterB-bgp-default-mul-ipv4] quit
[RouterB-bgp-default] quit
5. Configure MSDP peers:
# Configure an MSDP peer on Router A.
[RouterA] msdp
[RouterA-msdp] peer 192.168.1.2 connect-interface hundredgige 1/0/2
[RouterA-msdp] quit
# Configure an MSDP peer on Router B.
[RouterB] msdp
[RouterB-msdp] peer 192.168.1.1 connect-interface hundredgige 1/0/1
[RouterB-msdp] quit
Verifying the configuration
# Verify the BGP IPv4 multicast peer information on Router B.
[RouterB] display bgp peer ipv4 multicast
BGP local router ID : 2.2.2.2
Local AS number : 200
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
192.168.1.1 100 56 56 0 0 00:40:54 Established
# Verify the MSDP peer information on Router B.
[RouterB] display msdp brief
Configured Established Listen Connect Shutdown Disabled
1 1 0 0 0 0
Peer address State Up/Down time AS SA count Reset count
192.168.1.1 Established 00:07:17 100 1 0
Basic IPv6 BGP network configuration examples
Example: Configuring IPv6 BGP basics
Network configuration
As shown in Figure 17, all routers run BGP. Run EBGP between Router A and Router B, and run IBGP between Router B and Router C to allow Router C to access network 50::/64 connected to Router A.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure IBGP:
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 65009
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 9::2 as-number 65009
[RouterB-bgp-default] address-family ipv6
[RouterB-bgp-default-ipv6] peer 9::2 enable
[RouterB-bgp-default-ipv6] quit
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 65009
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 9::1 as-number 65009
[RouterC-bgp-default] address-family ipv6
[RouterC-bgp-default-ipv6] peer 9::1 enable
3. Configure EBGP:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 65008
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 10::1 as-number 65009
[RouterA-bgp-default] address-family ipv6
[RouterA-bgp-default-ipv6] peer 10::1 enable
# Configure Router B.
[RouterB-bgp-default] peer 10::2 as-number 65008
[RouterB-bgp-default] address-family ipv6
[RouterB-bgp-default-ipv6] peer 10::2 enable
4. Inject network routes to the BGP routing table:
# Configure Router A.
[RouterA-bgp-default-ipv6] network 10:: 64
[RouterA-bgp-default-ipv6] network 50:: 64
[RouterA-bgp-default-ipv6] quit
[RouterA-bgp-default] quit
# Configure Router B.
[RouterB-bgp-default-ipv6] network 10:: 64
[RouterB-bgp-default-ipv6] network 9:: 64
[RouterB-bgp-default-ipv6] quit
[RouterB-bgp-default] quit
# Configure Router C.
[RouterC-bgp-default-ipv6] network 9:: 64
[RouterC-bgp-default-ipv6] quit
[RouterC-bgp-default] quit
Verifying the configuration
# Display IPv6 BGP peer information on Router B.
[RouterB] display bgp peer ipv6
BGP local router ID: 2.2.2.2
Local AS number: 65009
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
9::2 65009 41 43 0 1 00:29:00 Established
10::2 65008 38 38 0 2 00:27:20 Established
The output shows that Router A and Router B have established an EBGP connection, and Router B and Router C have established an IBGP connection.
# Display IPv6 BGP routing table information on Router A.
[RouterA] display bgp routing-table ipv6
Total number of routes: 4
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
* >e Network : 9:: PrefixLen : 64
NextHop : 10::1 LocPrf :
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: 65009i
* > Network : 10:: PrefixLen : 64
NextHop : :: LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
* e Network : 10:: PrefixLen : 64
NextHop : 10::1 LocPrf :
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: 65009i
* > Network : 50:: PrefixLen : 64
NextHop : :: LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
The output shows that Router A has learned routing information of AS 65009.
# Display IPv6 BGP routing table information on Router C.
[RouterC] display bgp routing-table ipv6
Total number of routes: 4
BGP local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
* > Network : 9:: PrefixLen : 64
NextHop : :: LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
* i Network : 9:: PrefixLen : 64
NextHop : 9::1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
* >i Network : 10:: PrefixLen : 64
NextHop : 9::1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
* >i Network : 50:: PrefixLen : 64
NextHop : 10::2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: 65008i
The output shows that Router C has learned the route 50::/64.
# Verify that Router C can ping hosts on network 50::/64. (Details not shown.)
Example: Configuring IPv6 multicast BGP
Network configuration
As shown in Figure 18, OSPFv3 runs within AS 100 and AS 200 to ensure intra-AS connectivity. IPv6 MBGP runs between the two ASs to exchange IPv6 unicast routes used for RPF check.
Enable Anycast RP on Router A and Router B.
Table 3 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Source |
N/A |
1002::100/64 |
Router B |
HGE1/0/1 |
1001::2/64 |
|
Router A |
HGE1/0/1 |
1002::1/64 |
|
HGE1/0/2 |
2002::1/64 |
|
|
HGE1/0/2 |
1001::1/64 |
|
HGE1/0/3 |
2001::1/64 |
|
|
Loop0 |
1:1::1/128 |
|
Loop0 |
1:1::1/128 |
|
|
Loop1 |
1:1::2/128 |
|
Loop1 |
2:2::2/128 |
|
Router C |
HGE1/0/1 |
3002::1/64 |
Router D |
HGE1/0/1 |
2002::2/64 |
|
|
HGE1/0/2 |
2001::2/64 |
|
HGE1/0/2 |
3001::2/64 |
|
|
HGE1/0/3 |
3001::1/64 |
|
|
|
Procedure
|
|
IMPORTANT: By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface. |
1. Configure IPv6 addresses for interfaces and configure OSPFv3 (this example uses OSPFv3 process 1) in AS 200 to ensure intra-AS connectivity. (Details not shown.)
2. Enable IPv6 multicast routing, IPv6 PIM-SM, and MLD, and configure BSR boundaries:
# On Router A, enable IPv6 multicast routing globally, and enable IPv6 PIM-SM on interfaces.
<RouterA> system-view
[RouterA] ipv6 multicast routing
[RouterA-mrib6] quit
[RouterA] interface hundredgige 1/0/1
[RouterA-HundredGigE1/0/1] ipv6 pim sm
[RouterA-HundredGigE1/0/1] quit
[RouterA] interface hundredgige 1/0/2
[RouterA-HundredGigE1/0/2] ipv6 pim sm
[RouterA-HundredGigE1/0/2] quit
[RouterA] interface loopback 0
[RouterA-LoopBack0] ipv6 pim sm
[RouterA-LoopBack0] quit
# Configure Router B and Router D in the same way that Router A was configured.
# On Router C, enable IPv6 multicast routing globally.
<RouterC> system-view
[RouterC] ipv6 multicast routing
[RouterC-mrib6] quit
# Enable IPv6 PIM-SM on interfaces, and enable MLD on HundredGigE 1/0/1.
[RouterC] interface hundredgige 1/0/2
[RouterC-HundredGigE1/0/2] ipv6 pim sm
[RouterC-HundredGigE1/0/2] quit
[RouterC] interface hundredgige 1/0/3
[RouterC-HundredGigE1/0/3] ipv6 pim sm
[RouterC-HundredGigE1/0/3] quit
[RouterC] interface hundredgige 1/0/1
[RouterC-HundredGigE1/0/1] ipv6 pim sm
[RouterC-HundredGigE1/0/1] mld enable
[RouterC-HundredGigE1/0/1] quit
# Configure the BSR boundary on Router A.
[RouterA] interface hundredgige 1/0/2
[RouterA-HundredGigE1/0/2] ipv6 pim bsr-boundary
[RouterA-HundredGigE1/0/2] quit
# Configure the BSR boundary on Router B.
[RouterB] interface hundredgige 1/0/1
[RouterB-HundredGigE1/0/1] ipv6 pim bsr-boundary
[RouterB-HundredGigE1/0/1] quit
3. Enable Anycast RP, and specify C-BSR and C-RP:
# Configure Router A.
[RouterA] ipv6 pim
[RouterA-pim6] anycast-rp 1:1::1 1:1::2
[RouterA-pim6] anycast-rp 1:1::1 2:2::2
[RouterA-pim6] c-bsr 1:1::1
[RouterA-pim6] c-rp 1:1::1
[RouterA-pim6] quit
# Configure Router B.
[RouterB] ipv6 pim
[RouterB-pim6] anycast-rp 1:1::1 1:1::2
[RouterB-pim6] anycast-rp 1:1::1 2:2::2
[RouterB-pim6] c-bsr 1:1::1
[RouterB-pim6] c-rp 1:1::1
[RouterB-pim6] quit
4. Configure BGP to establish BGP IPv6 multicast peers and redistribute routes:
# On Router A, establish an EBGP session to Router B.
[RouterA] bgp 100
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 1001::2 as-number 200
# Enable exchange of IPv6 unicast routes used for RPF check with Router B.
[RouterA-bgp-default] address-family ipv6 multicast
[RouterA-bgp-default-mul-ipv6] peer 1001::2 enable
# Redistribute direct routes into BGP.
[RouterA-bgp-default-mul-ipv6] import-route direct
[RouterA-bgp-default-mul-ipv6] quit
# On Router B, establish an EBGP session to Router A.
[RouterB] bgp 200
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 1001::1 as-number 100
# Enable exchange of IPv6 unicast routes used for RPF check with Router B.
[RouterB-bgp-default] address-family ipv6 multicast
[RouterB-bgp-default-mul-ipv6] peer 1001::1 enable
# Redistribute OSPFv3 routes into BGP.
[RouterB-bgp-default-mul-ipv6] import-route ospfv3 1
[RouterB-bgp-default-mul-ipv6] quit
5. Establish BGP IPv6 unicast peer relationships between Router A and Router B and redistribute routes:
# On Router A, enable BGP to exchange IPv6 unicast routes with Router B, and redistribute direct routes into BGP.
[RouterA-bgp-default] address-family ipv6 unicast
[RouterA-bgp-default-ipv6] peer 1001::2 enable
[RouterA-bgp-default-ipv6] import-route direct
[RouterA-bgp-default-ipv6] quit
[RouterA-bgp-default] quit
# On Router B, enable BGP to exchange IPv6 unicast routes with Router A, and redistribute direct routes into BGP.
[RouterB-bgp-default] address-family ipv6 unicast
[RouterB-bgp-default-ipv6] peer 1001::1 enable
[RouterB-bgp-default-ipv6] import-route direct
[RouterB-bgp-default-ipv6] quit
[RouterB-bgp-default] quit
Verifying the configuration
# Verify the BGP IPv6 multicast peer information on Router B.
[RouterB] display bgp peer ipv6 multicast
BGP local router ID : 2.2.2.2
Local AS number : 200
Total number of peers : 3 Peers in established state : 3
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1001::1 100 56 56 0 0 00:40:54 Established
# Verify the RPF information for the multicast source on Router B.
[RouterB] display ipv6 multicast rpf-info 1002::1
RPF information about source 1002::1:
RPF interface: HGE1/0/1, RPF neighbor: 1001::1
Referenced prefix/prefix length: 1002::/64
Referenced route type: mbgp
Route selection rule: preference-preferred
Load splitting rule: disable
Troubleshooting BGP
Symptom
The display bgp peer ipv4 unicast or display bgp peer ipv6 unicast command output shows that the state of the connection to a peer cannot become established.
Analysis
To become BGP peers, any two routers must establish a TCP connection using port 179 and exchange OPEN messages successfully.
Solution
1. To resolve the problem:
a. Use the display current-configuration command to verify the current configuration, and verify that the peer's AS number is correct.
b. Use the display bgp peer ipv4 unicast or display bgp peer ipv6 unicast command to verify that the peer's IP/IPv6 address is correct.
c. If a loopback interface is used, verify that the loopback interface is specified with the peer connect-interface command.
d. If the peer is a non-direct EBGP peer, verify that the peer ebgp-max-hop command is configured.
e. If the peer ttl-security hops command is configured, verify that the command is configured on the peer. Verify that the hop-count values configured on them are greater than the number of hops between them.
f. Verify that a valid route to the peer is available.
g. Use the ping command to verify the connectivity to the peer.
h. Use the display tcp verbose or display ipv6 tcp verbose command to verify the TCP connection.
i. Verify that no ACL rule is applied to disable TCP port 179.
2. If the problem persists, contact H3C Support.
Configuring large-scale BGP networks
Large-scale BGP network configuration tasks at a glance
To configure large-scale BGP networks, perform the following tasks:
· Configuring BGP route dampening
· Configuring BGP route reflection
· Configuring BGP confederation settings
¡ Configuring a BGP confederation
¡ (Optional.) Configuring confederation compatibility
Configuring BGP route dampening
About this task
Route dampening enables BGP to not select unstable routes as optimal routes.
Restrictions and guidelines
This feature applies to EBGP routes but not to IBGP routes.
If an EBGP peer goes down after you configure this feature, routes coming from the peer are dampened but not deleted.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure BGP route dampening.
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] *
By default, BGP route dampening is not configured.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure IPv6 BGP route dampening.
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] *
By default, IPv6 BGP route dampening is not configured.
Configuring BGP communities
About this task
By default, a router does not advertise the COMMUNITY or extended community attribute to its peers or peer groups. When the router receives a route carrying the COMMUNITY or extended community attribute, it removes the attribute before advertising the route to other peers or peer groups.
Perform this task to enable a router to advertise the COMMUNITY or extended community attribute to its peers for route filtering and control. You can also use a routing policy to add or modify the COMMUNITY or extended community attribute for specific routes. For more information about routing policy, see "Configuring routing policies."
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Advertise the COMMUNITY attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-community
By default, the COMMUNITY attribute is not advertised.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
4. Advertise the extended community attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-ext-community
By default, the extended community attribute is not advertised.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
5. (Optional.) Apply a routing policy to routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-policy route-policy-name export
By default, no routing policy is applied.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Advertise the COMMUNITY attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-community
By default, the COMMUNITY attribute is not advertised.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
4. Advertise the extended community attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-ext-community
By default, the extended community attribute is not advertised.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
5. (Optional.) Apply a routing policy to routes advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-policy route-policy-name export
By default, no routing policy is applied.
Configuring BGP route reflection
Configuring a BGP route reflector
About this task
Perform this task to configure a BGP route reflector and its clients. The route reflector and its clients automatically form a cluster identified by the router ID of the route reflector. The route reflector forwards route updates among its clients.
To improve availability, you can specify multiple route reflectors for a cluster. The route reflectors in the cluster must have the same cluster ID to avoid routing loops.
When a route reflector connects to multiple clusters, you can configure different cluster IDs for different peers or peer groups.
You only need to configure BGP route reflection on the device that acts as a route reflector. Other devices do not need to know the role of the local device in route reflection.
After you configure a device as a route reflector, it advertises routes as follows:
· Advertises routes received from a non-client IBGP peer to all clients.
· Advertises routes received from an IBGP peer that acts as a client to all peers.
· Advertises routes received from an EBGP peer to all peers.
Restrictions and guidelines
If you do not configure the peer cluster-id command for a peer or peer group, the peer or peer group uses the cluster ID configured by the reflector cluster-id command.
For a peer or peer group, the cluster ID configured by the peer cluster-id command takes precedence over the cluster ID configured by the reflector cluster-id command.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure the cluster ID of the route reflector for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } cluster-id cluster-id
By default, the cluster ID of the route reflector is not configured for a peer or peer group.
4. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
address-family ipv4 multicast
This command is available only in BGP instance view.
5. Configure the router as a route reflector and specify a peer or peer group as its client.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } reflect-client
By default, no route reflector or client is configured.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
6. (Optional.) Enable route reflection between clients.
reflect between-clients
By default, route reflection between clients is enabled.
7. (Optional.) Configure the cluster ID of the route reflector.
reflector cluster-id { cluster-id | ipv4-address }
By default, a route reflector uses its own router ID as the cluster ID.
8. (Optional.) Enable the route reflector to change the attributes of routes to be reflected.
reflect change-path-attribute
By default, the route reflector cannot change the attributes of routes to be reflected.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure the cluster ID of the route reflector for a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } cluster-id cluster-id
By default, the cluster ID of the route reflector is not configured for a peer or peer group.
4. Enter BGP IPv6 unicast address family view or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
address-family ipv6 multicast
This command is available only in BGP instance view.
5. Configure the router as a route reflector and specify a peer or peer group as its client.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } reflect-client
By default, no route reflector or client is configured.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
6. (Optional.) Enable route reflection between clients.
reflect between-clients
By default, route reflection between clients is enabled.
7. (Optional.) Configure the cluster ID of the route reflector.
reflector cluster-id { cluster-id | ipv4-address }
By default, a route reflector uses its own router ID as the cluster ID.
8. (Optional.) Enable the route reflector to change the attributes of routes to be reflected.
reflect change-path-attribute
By default, the route reflector cannot change the attributes of routes to be reflected.
Ignoring the ORIGINATOR_ID attribute
About this task
By default, BGP drops incoming route updates whose ORIGINATOR_ID attribute is the same as the local router ID. Some special networks such as firewall networks require BGP to accept such route updates. To meet the requirement, you must configure BGP to ignore the ORIGINATOR_ID attribute.
Restrictions and guidelines
Make sure this command does not result in a routing loop.
After you execute this command, BGP also ignores the CLUSTER_LIST attribute.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Ignore the ORIGINATOR_ID attribute.
peer { group-name | ipv4-address [ mask-length ] } ignore-originatorid
By default, BGP does not ignore the ORIGINATOR_ID attribute.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Ignore the ORIGINATOR_ID attribute.
peer { group-name | ipv6-address [ prefix-length ] } ignore-originatorid
By default, BGP does not ignore the ORIGINATOR_ID attribute.
Clearing the route reflection attributes of a route before forwarding the route
About this task
In route reflection scenarios, BGP compares the CLUSTER_LIST and ORIGINATOR_ID attributes of routes to avoid routing loops. BGP discards a route if its CLUSTER_LIST attribute contains the local CLUSTER_ID or its ORIGINATOR_ID attribute is the same as the local router ID.
This feature applies when BGP forwards a route between the public network and a VPN instance or between different VPN instances. In such a scenario, the route reflection attributes carried by the route are meaningless. To avoid traffic loss, perform this task to enable BGP to clear the CLUSTER_LIST and ORIGINATOR_ID attributes of a route before forwarding the route.
Restrictions and guidelines
· After you configure this feature, BGP re-advertises all routes to all peers and peer groups.
· This feature might cause routing loops. Before executing the command, make sure you understand the potential impact on the network.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable BGP to clear the CLUSTER_LIST and ORIGINATOR_ID attributes of a route before forwarding the route.
advertise-between-vrf clear-reflect-attributes
By default, BGP does not clear the CLUSTER_LIST and ORIGINATOR_ID attributes of a route before forwarding the route.
Configuring BGP confederation settings
About BGP confederation
BGP confederation provides another way to reduce IBGP connections in an AS.
A confederation contains sub-ASs. In each sub-AS, IBGP peers are fully meshed. Sub-ASs establish EBGP connections in between.
Configuring a BGP confederation
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Configure a confederation ID.
confederation id as-number
By default, no confederation ID is configured.
From an outsider's perspective, the sub-ASs of the confederation is a single AS, which is identified by the confederation ID.
4. Specify confederation peer sub-ASs in the confederation.
confederation peer-as as-number-list
By default, no confederation peer sub-ASs are specified.
A confederation can contain a maximum of 32 sub-ASs. The AS number of a sub-AS is effective only in the confederation.
If the router needs to establish EBGP connections to other sub-ASs, you must specify the peering sub-ASs in the confederation.
Configuring confederation compatibility
About this task
If any routers in the confederation do not comply with RFC 3065, enable confederation compatibility to allow the router to work with those routers.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable confederation compatibility.
confederation nonstandard
By default, confederation compatibility is disabled.
Display and maintenance commands for large-scale BGP network configuration
Execute display commands in any view.
Displaying BGP (IPv4 unicast address family)
|
Task |
Command |
|
Display BGP IPv4 unicast peer group information. |
display bgp [ instance instance-name ] group ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ group-name group-name ] |
|
Display information about a peer or peer group in BGP IPv4 unicast address family. |
display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address mask-length | { ipv4-address | group-name group-name } log-info | [ ipv4-address ] verbose ] display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ ipv6-address prefix-length | ipv6-address log-info | [ ipv6-address ] verbose ] |
|
Display BGP IPv4 unicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv4-address [ { mask-length | mask } [ longest-match ] ] | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display dampened BGP IPv4 unicast route information. |
display bgp [ instance instance-name ] routing-table dampened ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] |
|
Display BGP IPv4 unicast route dampening parameter information. |
display bgp [ instance instance-name ] dampening parameter ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] |
Displaying BGP (IPv6 unicast address family)
|
Task |
Command |
|
Display BGP IPv6 unicast peer group information. |
display bgp [ instance instance-name ] group ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ group-name group-name ] |
|
Display information about a peer or peer group in BGP IPv6 unicast address family. |
display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address prefix-length | { ipv6-address | group-name group-name } log-info | [ ipv6-address ] verbose ] display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ ipv4-address mask-length | ipv4-address log-info | [ ipv4-address ] verbose ] |
|
Display BGP IPv6 unicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ ipv6-address prefix-length | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display dampened BGP IPv6 unicast route information. |
display bgp [ instance instance-name ] routing-table dampened ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] |
|
Display BGP IPv6 unicast route dampening parameter information. |
display bgp [ instance instance-name ] dampening parameter ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] |
Displaying BGP (IPv4 multicast address family)
|
Task |
Command |
|
Display BGP IPv4 multicast peer group information. |
display bgp [ instance instance-name ] group ipv4 multicast [ group-name group-name ] |
|
Display BGP IPv4 multicast peer or peer group information. |
display bgp [ instance instance-name ] peer ipv4 multicast [ ipv4-address mask-length | { ipv4-address | group-name group-name } log-info | [ ipv4-address ] verbose ] |
|
Display BGP IPv4 multicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv4 multicast [ ipv4-address [ { mask-length | mask } [ longest-match ] ] | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display dampened BGP IPv4 multicast route information. |
display bgp [ instance instance-name ] routing-table dampened ipv4 multicast |
|
Display BGP IPv4 multicast route dampening parameter information. |
display bgp [ instance instance-name ] dampening parameter ipv4 multicast |
Displaying BGP (IPv6 multicast address family)
|
Task |
Command |
|
Display BGP IPv6 multicast peer group information. |
display bgp [ instance instance-name ] group ipv6 multicast [ group-name group-name ] |
|
Display BGP IPv6 multicast peer or peer group information. |
display bgp [ instance instance-name ] peer ipv6 multicast [ ipv6-address prefix-length | { ipv6-address | group-name group-name } log-info | [ ipv6-address ] verbose ] |
|
Display BGP IPv6 multicast route flapping statistics. |
display bgp [ instance instance-name ] routing-table flap-info ipv6 multicast [ ipv6-address prefix-length | as-path-acl { as-path-acl-number | as-path-acl-name } ] |
|
Display dampened BGP IPv6 multicast route information. |
display bgp [ instance instance-name ] routing-table dampened ipv6 multicast |
|
Display BGP IPv6 multicast route dampening parameter information. |
display bgp [ instance instance-name ] dampening parameter ipv6 multicast |
Large-scale BGP network configuration examples
Example: Configuring BGP communities
Network configuration
As shown in Figure 19, Router B establishes EBGP connections to Router A and Router C. Configure NO_EXPORT community attribute on Router A so that AS 20 does not advertise routes received from AS 10 to any other AS.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure EBGP connections:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 10
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 200.1.2.2 as-number 20
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 200.1.2.2 enable
[RouterA-bgp-default-ipv4] network 9.1.1.0 255.255.255.0
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 20
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 200.1.2.1 as-number 10
[RouterB-bgp-default] peer 200.1.3.2 as-number 30
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 200.1.2.1 enable
[RouterB-bgp-default-ipv4] peer 200.1.3.2 enable
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 30
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 200.1.3.1 as-number 20
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 200.1.3.1 enable
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
# Display the BGP route 9.1.1.0 on Router B.
[RouterB] display bgp routing-table ipv4 9.1.1.0
BGP local router ID: 2.2.2.2
Local AS number: 20
Paths: 1 available, 1 best
BGP routing table information of 9.1.1.0/24:
From : 200.1.2.1 (1.1.1.1)
Rely nexthop : 200.1.2.1
Original nexthop: 200.1.2.1
Out interface : HundredGigE1/0/1
Route age : 01h43m31s
OutLabel : NULL
AS-path : 10
Origin : igp
Attribute value : MED 0, pref-val 0
State : valid, external, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
# Display advertisement information for the route 9.1.1.0 on Router B.
[RouterB] display bgp routing-table ipv4 9.1.1.0 advertise-info
BGP local router ID: 2.2.2.2
Local AS number: 20
Paths: 1 best
BGP routing table information of 9.1.1.0/24:
Advertised to peers (1 in total):
200.1.3.2
The output shows that Router B can advertise the route with the destination 9.1.1.0/24 to other ASs through BGP.
# Display the BGP routing table on Router C.
[RouterC] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 9.1.1.0/24 200.1.3.1 0 20 10i
Router C has learned the route to the destination 9.1.1.0/24 from Router B.
3. Configure the BGP COMMUNITY attribute:
# Configure a routing policy.
[RouterA] route-policy comm_policy permit node 0
[RouterA-route-policy-comm_policy-0] apply community no-export
[RouterA-route-policy-comm_policy-0] quit
# Apply the routing policy.
[RouterA] bgp 10
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 200.1.2.2 route-policy comm_policy export
[RouterA-bgp-default-ipv4] peer 200.1.2.2 advertise-community
Verifying the configuration
# Display the BGP route 9.1.1.0 on Router B.
[RouterB] display bgp routing-table ipv4 9.1.1.0
BGP local router ID: 2.2.2.2
Local AS number: 20
Paths: 1 available, 1 best
BGP routing table information of 9.1.1.0/24:
From : 200.1.2.1 (1.1.1.1)
Rely nexthop : 200.1.2.1
Original nexthop: 200.1.2.1
Out interface : HundredGigE1/0/1
Route age : 01h43m31s
OutLabel : NULL
Community : No-Export
AS-path : 10
Origin : igp
Attribute value : MED 0, pref-val 0
State : valid, external, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
# Display advertisement information for the route 9.1.1.0 on Router B.
[RouterB] display bgp routing-table ipv4 9.1.1.0 advertise-info
BGP local router ID: 2.2.2.2
Local AS number: 20
Paths: 1 best
BGP routing table information of 9.1.1.0/24:
Not advertised to any peers yet
# Display the BGP routing table on Router C.
[RouterC] display bgp routing-table ipv4
Total number of routes: 0
The output shows that BGP has not learned any route.
Example: Configuring BGP route reflector
Network configuration
As shown in Figure 20, all routers run BGP. Run EBGP between Router A and Router B, run IBGP between Router C and Router B, and between Router C and Router D.
Configure Router C as a route reflector with clients Router B and D to allow Router D to learn route 20.0.0.0/8 from Router C.
Procedure
1. Configure IP addresses for interfaces and configure OSPF in AS 200. (Details not shown.)
2. Configure BGP connections:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 100
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 192.1.1.2 as-number 200
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 192.1.1.2 enable
# Inject network 20.0.0.0/8 to the BGP routing table.
[RouterA-bgp-default-ipv4] network 20.0.0.0
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 200
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 192.1.1.1 as-number 100
[RouterB-bgp-default] peer 193.1.1.1 as-number 200
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 192.1.1.1 enable
[RouterB-bgp-default-ipv4] peer 193.1.1.1 enable
[RouterB-bgp-default-ipv4] peer 193.1.1.1 next-hop-local
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 200
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 193.1.1.2 as-number 200
[RouterC-bgp-default] peer 194.1.1.2 as-number 200
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 193.1.1.2 enable
[RouterC-bgp-default-ipv4] peer 194.1.1.2 enable
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
# Configure Router D.
<RouterD> system-view
[RouterD] bgp 200
[RouterD-bgp-default] router-id 4.4.4.4
[RouterD-bgp-default] peer 194.1.1.1 as-number 200
[RouterD-bgp-default] address-family ipv4 unicast
[RouterD-bgp-default-ipv4] peer 194.1.1.1 enable
[RouterD-bgp-default-ipv4] quit
[RouterD-bgp-default] quit
3. Configure Router C as the route reflector.
[RouterC] bgp 200
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 193.1.1.2 reflect-client
[RouterC-bgp-default-ipv4] peer 194.1.1.2 reflect-client
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
Verifying the configuration
# Display the BGP routing table on Router B.
[RouterB] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e 20.0.0.0 192.1.1.1 0 0 100i
# Display the BGP routing table on Router D.
[RouterD] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 20.0.0.0 193.1.1.2 0 100 0 100i
The output shows that Router D has learned the route 20.0.0.0/8 from Router C.
Example: Configuring BGP confederation
Network configuration
As shown in Figure 21, split AS 200 into three sub-ASs (AS 65001, AS 65002, and AS 65003) to reduce IBGP connections. Routers in AS 65001 are fully meshed.
Table 4 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Router A |
HGE1/0/1 |
10.1.2.1/24 |
Router D |
HGE1/0/1 |
10.1.5.1/24 |
|
|
HGE1/0/2 |
10.1.3.1/24 |
|
HGE1/0/2 |
10.1.3.2/24 |
|
|
HGE1/0/3 |
10.1.4.1/24 |
Router E |
HGE1/0/1 |
10.1.5.2/24 |
|
|
HGE1/0/4 |
200.1.1.1/24 |
|
HGE1/0/2 |
10.1.4.2/24 |
|
|
HGE1/0/5 |
10.1.1.1/24 |
Router F |
HGE1/0/1 |
9.1.1.1/24 |
|
Router B |
HGE1/0/1 |
10.1.1.2/24 |
|
HGE1/0/2 |
200.1.1.2/24 |
|
Router C |
HGE1/0/1 |
10.1.2.2/24 |
|
|
|
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure the BGP confederation:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 65001
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] confederation id 200
[RouterA-bgp-default] confederation peer-as 65002 65003
[RouterA-bgp-default] peer 10.1.1.2 as-number 65002
[RouterA-bgp-default] peer 10.1.2.2 as-number 65003
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 10.1.1.2 enable
[RouterA-bgp-default-ipv4] peer 10.1.2.2 enable
[RouterA-bgp-default-ipv4] peer 10.1.1.2 next-hop-local
[RouterA-bgp-default-ipv4] peer 10.1.2.2 next-hop-local
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 65002
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] confederation id 200
[RouterB-bgp-default] confederation peer-as 65001 65003
[RouterB-bgp-default] peer 10.1.1.1 as-number 65001
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 65003
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] confederation id 200
[RouterC-bgp-default] confederation peer-as 65001 65002
[RouterC-bgp-default] peer 10.1.2.1 as-number 65001
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 10.1.2.1 enable
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
3. Configure IBGP connections in AS65001:
# Configure Router A.
[RouterA] bgp 65001
[RouterA-bgp-default] peer 10.1.3.2 as-number 65001
[RouterA-bgp-default] peer 10.1.4.2 as-number 65001
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 10.1.3.2 enable
[RouterA-bgp-default-ipv4] peer 10.1.4.2 enable
[RouterA-bgp-default-ipv4] peer 10.1.3.2 next-hop-local
[RouterA-bgp-default-ipv4] peer 10.1.4.2 next-hop-local
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router D.
<RouterD> system-view
[RouterD] bgp 65001
[RouterD-bgp-default] router-id 4.4.4.4
[RouterD-bgp-default] confederation id 200
[RouterD-bgp-default] peer 10.1.3.1 as-number 65001
[RouterD-bgp-default] peer 10.1.5.2 as-number 65001
[RouterD-bgp-default] address-family ipv4 unicast
[RouterD-bgp-default-ipv4] peer 10.1.3.1 enable
[RouterD-bgp-default-ipv4] peer 10.1.5.2 enable
[RouterD-bgp-default-ipv4] quit
[RouterD-bgp-default] quit
# Configure Router E.
<RouterE> system-view
[RouterE] bgp 65001
[RouterE-bgp-default] router-id 5.5.5.5
[RouterE-bgp-default] confederation id 200
[RouterE-bgp-default] peer 10.1.4.1 as-number 65001
[RouterE-bgp-default] peer 10.1.5.1 as-number 65001
[RouterE-bgp-default] address-family ipv4 unicast
[RouterE-bgp-default-ipv4] peer 10.1.4.1 enable
[RouterE-bgp-default-ipv4] peer 10.1.5.1 enable
[RouterE-bgp-default-ipv4] quit
[RouterE-bgp-default] quit
4. Configure the EBGP connection between AS 100 and AS 200:
# Configure Router A.
[RouterA] bgp 65001
[RouterA-bgp-default] peer 200.1.1.2 as-number 100
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 200.1.1.2 enable
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router F.
<RouterF> system-view
[RouterF] bgp 100
[RouterF-bgp-default] router-id 6.6.6.6
[RouterF-bgp-default] peer 200.1.1.1 as-number 200
[RouterF-bgp-default] address-family ipv4 unicast
[RouterF-bgp-default-ipv4] peer 200.1.1.1 enable
[RouterF-bgp-default-ipv4] network 9.1.1.0 255.255.255.0
[RouterF-bgp-default-ipv4] quit
[RouterF-bgp-default] quit
Verifying the configuration
# Display the BGP routing table on Router B.
[RouterB] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 9.1.1.0/24 10.1.1.1 0 100 0 (65001)
100i
[RouterB] display bgp routing-table ipv4 9.1.1.0
BGP local router ID: 2.2.2.2
Local AS number: 65002
Paths: 1 available, 1 best
BGP routing table information of 9.1.1.0/24:
From : 10.1.1.1 (1.1.1.1)
Rely nexthop : 10.1.1.1
Original nexthop: 10.1.1.1
Out interface : HundredGigE1/0/1
Route age : 01h22m43s
OutLabel : NULL
AS-path : (65001) 100
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 0, pre 255
State : valid, external-confed, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
# Display the BGP routing table on Router D.
[RouterD] display bgp routing-table ipv4
Total number of routes: 1
BGP local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 9.1.1.0/24 10.1.3.1 0 100 0 100i
[RouterD] display bgp routing-table ipv4 9.1.1.0
BGP local router ID: 4.4.4.4
Local AS number: 65001
Paths: 1 available, 1 best
BGP routing table information of 9.1.1.0/24:
From : 10.1.3.1 (1.1.1.1)
Rely nexthop : 10.1.3.1
Original nexthop: 10.1.3.1
Out interface : HundredGigE1/0/2
Route age : 01h43m32s
OutLabel : NULL
AS-path : 100
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 0, pre 255
State : valid, internal-confed, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
The output shows the following:
· Router F can send route information to Router B and Router C through the confederation by establishing only an EBGP connection with Router A.
· Router B and Router D are in the same confederation, but belong to different sub-ASs. They obtain external route information from Router A and generate identical BGP route entries although they have no direct connection in between.
Controlling BGP path selection
BGP path selection control tasks at a glance
By configuring BGP path attributes, you can control BGP path selection.
To control BGP path selection, perform the following tasks:
1. Setting a preferred value for received routes
2. Configuring preferences for BGP routes
3. Configuring the default local preference
4. Configuring the MED attribute
¡ Configuring the default MED value
¡ Enabling MED comparison for routes from different ASs
¡ Enabling MED comparison for routes on a per-AS basis
¡ Enabling MED comparison for routes from confederation peers
5. Configuring the NEXT_HOP attribute
6. Configuring the AS_PATH attribute
¡ Permitting local AS number to appear in routes from a peer or peer group
¡ Ignoring the AS_PATH attribute during optimal route selection
¡ Advertising a fake AS number to a peer or peer group
¡ Configuring AS number substitution
¡ Removing private AS numbers from sent updates
¡ Ignoring the first AS number of EBGP route updates
¡ Setting an AS number quantity threshold
7. Ignoring IGP metrics during optimal route selection
8. Configuring the AIGP attribute
9. Ignoring router IDs during optimal route selection
10. Preferring routes with an IPv6 next hop during optimal route selection
Setting a preferred value for received routes
About this task
Perform this task to set a preferred value for specific routes to control BGP path selection.
Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the optimal route.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Set a preferred value for routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } preferred-value value
By default, the preferred value is 0 for routes received from a peer or peer group.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Set a preferred value for routes received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } preferred-value value
By default, the preferred value is 0 for routes received from a peer or peer group.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Configuring preferences for BGP routes
About this task
Routing protocols each have a default preference. If they find multiple routes destined for the same network, the route found by the routing protocol with the highest preference is selected as the optimal route.
You can use the preference command to modify preferences for EBGP, IBGP, and local BGP routes, or use a routing policy to set a preference for matching routes. For routes not matching the routing policy, the default preference applies.
If a device has an EBGP route and a local BGP route to reach the same destination, it does not select the EBGP route because the EBGP route has a lower preference than the local BGP route by default. You can use the network short-cut command to configure the EBGP route as a shortcut route that has the same preference as the local BGP route. The EBGP route will more likely become the optimal route.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure preferences for EBGP, IBGP, and local BGP routes.
preference { external-preference internal-preference local-preference | route-policy route-policy-name }
By default, the preferences for EBGP, IBGP, and local BGP routes are 255, 255, and 130, respectively.
4. (Optional.) Configure an EBGP route as a shortcut route.
network ipv4-address [ mask-length | mask ] short-cut
By default, an EBGP route has a preference of 255.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure preferences for EBGP, IBGP, and local BGP routes.
preference { external-preference internal-preference local-preference | route-policy route-policy-name }
By default, the preferences for EBGP, IBGP, and local BGP routes are 255, 255, and 130, respectively.
4. (Optional.) Configure an EBGP route as a shortcut route.
network ipv6-address prefix-length short-cut
By default, an EBGP route has a preference of 255.
Configuring the default local preference
About this task
The local preference is used to determine the optimal route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination, but with different next hops, it selects the route with the highest local preference as the optimal route.
This task allows you to specify the default local preference for routes sent to IBGP peers.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure the default local preference.
default local-preference value
The default local preference is 100.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure the default local preference.
default local-preference value
The default local preference is 100.
Configuring the MED attribute
About the MED attribute
BGP uses MED to determine the optimal route for traffic going into an AS. When a BGP router obtains multiple routes with the same destination but with different next hops, it selects the route with the smallest MED value as the optimal route if other conditions are the same.
Configuring the default MED value
Configuring the default MED value (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure the default MED value.
default med med-value
The default MED value is 0.
Configuring the default MED value (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure the default MED value.
default med med-value
The default MED value is 0.
Enabling MED comparison for routes from different ASs
About this task
By default, BGP only compares the MEDs of routes from the same AS. This task enables BGP to compare the MEDs of routes from different ASs.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable MED comparison for routes from different ASs.
compare-different-as-med
By default, MED comparison for routes from different ASs is disabled.
Enabling MED comparison for routes on a per-AS basis
About this task
This task enables BGP to compare the MEDs of routes from an AS.
Figure 22 Route selection based on MED (in an IPv4 network)
As shown in Figure 22, Device D establishes indirect EBGP peer relationships with Device A, Device B, and Device C, and learns addresses 1.1.1.1/32, 2.2.2.2/32, and 3.3.3.3/32 through OSPF. The following output shows the routing information on Device D.
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.1/32 O_INTRA 10 10 11.1.1.2 Interface D1
2.2.2.2/32 O_INTRA 10 20 12.1.1.2 Interface D2
3.3.3.3/32 O_INTRA 10 30 13.1.1.2 Interface D3
Device D learns network 10.0.0.0 from both Device A and Device B. Because the route learned from Device B has a smaller IGP metric, the route is optimal. The following output shows the BGP routing table on Device D.
Network NextHop MED LocPrf PrefVal Path/Ogn
*>e 10.0.0.0 2.2.2.2 50 0 300 400e
* e 3.3.3.3 50 0 200 400e
When Device D learns network 10.0.0.0 from Device C, it compares the route with the optimal route in its routing table. Because Device C and Device B reside in different ASs, BGP does not compare the MEDs of the two routes. The route from Device C has a smaller IGP metric than the route from Device B, so the route from Device C becomes optimal. The following output shows the BGP routing table on Device D.
Network NextHop MED LocPrf PrefVal Path/Ogn
*>e 10.0.0.0 1.1.1.1 60 0 200 400e
* e 10.0.0.0 2.2.2.2 50 0 300 400e
* e 3.3.3.3 50 0 200 400e
However, Device C and Device A reside in the same AS, and Device C has a greater MED, so network 10.0.0.0 learned from Device C should not be optimal.
To avoid this problem, you can configure the bestroute compare-med command to enable MED comparison for routes from the same AS on Device D. After that, Device D puts the routes received from each AS into a group, selects the route with the lowest MED from each group, and compares routes from different groups. Network 10.0.0.0 learned from Device B is the optimal route. The following output shows the BGP routing table on Device D.
Network NextHop MED LocPrf PrefVal Path/Ogn
*>e 10.0.0.0 2.2.2.2 50 0 300 400e
* e 3.3.3.3 50 0 200 400e
* e 1.1.1.1 60 0 200 400e
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable MED comparison for routes on a per-AS basis.
bestroute compare-med
By default, MED comparison for routes on a per-AS basis is disabled.
Enabling MED comparison for routes from confederation peers
About this task
This task enables BGP to compare the MEDs of routes received from confederation peers. However, if a route received from a confederation peer has an AS number that does not belong to the confederation, BGP does not compare the route with other routes. For example, a confederation has three AS numbers 65006, 65007, and 65009. BGP receives three routes from different confederation peers. The AS_PATH attributes of these routes are 65006 65009, 65007 65009, and 65008 65009, and the MED values of them are 2, 3, and 1. Because the third route's AS_PATH attribute contains AS number 65008 that does not belong to the confederation, BGP does not compare it with other routes. As a result, the first route becomes the optimal route.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable MED comparison for routes from confederation peers.
bestroute med-confederation
By default, MED comparison for routes from confederation peers is disabled.
Configuring the NEXT_HOP attribute
About this task
By default, a BGP router does not set itself as the next hop for routes advertised to an IBGP peer or peer group. In some cases, however, you must configure the advertising router as the next hop to ensure that the BGP peer can find the correct next hop.
For example, as shown in Figure 23, Router A and Router B establish an EBGP neighbor relationship, and Router B and Router C establish an IBGP neighbor relationship. If Router C has no route destined for IP address 1.1.1.1/24, you must configure Router B to set itself 3.1.1.1/24 as the next hop for the network 2.1.1.1/24 advertised to Router C.
Figure 23 NEXT_HOP attribute configuration
If a BGP router has two peers on a broadcast network, it does not set itself as the next hop for routes sent to an EBGP peer by default. As shown in Figure 24, Router A and Router B establish an EBGP neighbor relationship, and Router B and Router C establish an IBGP neighbor relationship. They are on the same broadcast network 1.1.1.0/24. When Router B sends EBGP routes to Router A, it does not set itself as the next hop by default. However, you can configure Router B to set it (1.1.1.2/24) as the next hop for routes sent to Router A by using the peer next-hop-local command as needed.
Figure 24 NEXT_HOP attribute configuration
Restrictions and guidelines
If you have configured BGP load balancing, the router sets itself as the next hop for routes sent to an IBGP peer or peer group regardless of whether the peer next-hop-local command is configured.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Specify the router as the next hop for routes sent to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } next-hop-local
By default, the router sets itself as the next hop for routes sent to an EBGP peer or peer group. However, it does not set itself as the next hop for routes sent to an IBGP peer or peer group.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Specify the router as the next hop for routes sent to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } next-hop-local
By default, the router sets itself as the next hop for routes sent to an EBGP peer or peer group. However, it does not set itself as the next hop for routes sent to an IBGP peer or peer group.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Configuring the AS_PATH attribute
Permitting local AS number to appear in routes from a peer or peer group
About this task
In general, BGP checks whether the AS_PATH attribute of a route from a peer contains the local AS number. If yes, it discards the route to avoid routing loops.
In certain network environments (for example, a Hub&Spoke network in MPLS L3VPN), however, the AS_PATH attribute of a route from a peer must be allowed to contain the local AS number. Otherwise, the route cannot be advertised correctly.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Permit the local AS number to appear in routes from a peer or peer group and set the appearance times.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } allow-as-loop [ number ]
By default, the local AS number is not allowed in routes from a peer or peer group.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Permit the local AS number to appear in routes from a peer or peer group and set the appearance times.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } allow-as-loop [ number ]
By default, the local AS number is not allowed in routes from a peer or peer group.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Ignoring the AS_PATH attribute during optimal route selection
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure BGP to ignore the AS_PATH attribute during optimal route selection.
bestroute as-path-neglect
By default, BGP includes the AS_PATH attribute in optimal route selection.
Advertising a fake AS number to a peer or peer group
About this task
After you move a BGP router from an AS to another AS (from AS 2 to AS 3 for example), you have to modify the AS number of the router on all its EBGP peers. To avoid such modifications, you can configure the router to advertise a fake AS number 2 to its EBGP peers so that the EBGP peers still think that Router A is in AS 2.
When you configure the peer fake-as command, you can specify the following keywords:
· dual-as—Initiates session requests to a peer using the real AS number and fake AS number in turn until a session is established successfully. The first session request contains the real AS number.
When the session goes down and BGP re-initiates session requests to the peer, the first session request contains the most recent AS number before the session goes down.
· prepend-fake-as—Adds the fake AS number to the AS_PATH attribute in packets received from a peer.
· prepend-global-as—Adds the real AS number to the AS_PATH attribute in packets sent to a peer.
Restrictions and guidelines
The prepend-fake-as and prepend-global-as keywords take effect only when BGP establishes a session to its peer using a fake AS number.
The peer fake-as command is applicable only to EBGP peers or peer groups. When you execute the peer fake-as command and set the fake AS number to the AS number of the peer, follow these restrictions and guidelines:
· If the BGP connection is established successfully by using the fake AS number, BGP considers the peer as an IBGP peer. If the BGP connection is established successfully by using the actual AS number, BGP considers the peer as an EBGP peer.
· You can configure features supported only by IBGP peers and features supported only by EBGP peers for the peer, but only features supported by the peer take effect.
· BGP clears configuration taking effect on only IBGP peers for the peer after you perform either of the following operations:
¡ Execute the peer fake-as command and set the value of the as-number argument to a different value from that of the peer as-number command.
¡ Execute the undo peer fake-as command.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Advertise a fake AS number to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } fake-as as-number [ dual-as | prepend-fake-as | prepend-global-as ] *
By default, no fake AS number is advertised to a peer or peer group.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Advertise a fake AS number to a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } fake-as as-number [ dual-as | prepend-fake-as | prepend-global-as ] *
By default, no fake AS number is advertised to a peer or peer group.
Configuring AS number substitution
About this task
To use EBGP between PE and CE in MPLS L3VPN, VPN sites in different geographical areas should have different AS numbers. Otherwise, BGP discards route updates containing the local AS number. If two CEs connected to different PEs use the same AS number, you must configure AS number substitution on each PE. This substitution can replace the AS number in route updates originated by the remote CE as its own AS number before advertising them to the connected CE.
Figure 25 AS number substitution configuration (in an IPv4 network)
As shown in Figure 25, CE 1 and CE 2 use the same AS number 800. To ensure bidirectional communication between the two sites, configure AS number substitution on PE 2. PE 2 replaces AS 800 with AS 100 for the BGP route update originated from CE 1 before advertising it to CE 2. Perform the same configuration on PE 1.
Restrictions and guidelines
Do not configure AS number substitution in normal circumstances. Otherwise, routing loops might occur.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure AS number substitution for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } substitute-as
By default, AS number substitution is not configured.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure AS number substitution for a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } substitute-as
By default, AS number substitution is not configured.
Removing private AS numbers from sent updates
About this task
Private AS numbers are typically used in test networks, and should not be transmitted in public networks. The range of private AS numbers is from 64512 to 65535.
Perform this task to enable BGP to remove private AS numbers from the AS_PATH attribute of updates sent to a peer or peer group.
Restrictions and guidelines
This feature is applicable only to EBGP peers or peer groups.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Configure BGP to remove private AS numbers from the AS_PATH attribute of updates sent to an EBGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } public-as-only
By default, BGP updates sent to an EBGP peer or peer group can carry both public and private AS numbers.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Configure BGP to remove private AS numbers from the AS_PATH attribute of updates sent to an EBGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } public-as-only
By default, BGP updates sent to an EBGP peer or peer group can carry both public and private AS numbers.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Ignoring the first AS number of EBGP route updates
About this task
By default, BGP checks the first AS number of an EBGP-learned route update. If the first AS number is neither the AS number of the BGP peer nor a private AS number, the BGP router disconnects the BGP session to the peer.
Ignoring the first AS number of all EBGP route updates
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Configure BGP to ignore the first AS number of all EBGP route updates.
ignore-first-as
By default, BGP checks the first AS number of all EBGP-learned route updates.
Ignoring the first AS number of EBGP route updates received from a peer or peer group (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure BGP to ignore the first AS number of EBGP route updates received from a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } ignore-first-as
By default, BGP checks the first AS number of EBGP-learned route updates.
Ignoring the first AS number of EBGP route updates received from a peer or peer group (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure BGP to ignore the first AS number of EBGP route updates received from a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } ignore-first-as
By default, BGP checks the first AS number of EBGP-learned route updates.
Setting an AS number quantity threshold
About this task
Perform this task to enable BGP to filter routes based on the quantity of AS numbers contained in the AS_PATH attribute. BGP will discard incoming and outgoing routes, and withdraw routes that have been advertised if they exceed the specified quantity threshold.
Restrictions and guidelines
This feature does not take effect on routes that have been received or on local summary routes.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Set an AS number quantity threshold.
as-path-limit [ as-numbers ]
By default, no AS number quantity threshold is configured.
Ignoring IGP metrics during optimal route selection
About this task
By default, BGP includes IGP metrics in optimal route selection. If multiple routes to the same destination are available, BGP selects the route with the smallest IGP metric as the optimal route.
Perform this task to enable BGP to ignore IGP metrics during optimal route selection.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure BGP to ignore IGP metrics during optimal route selection.
bestroute igp-metric-ignore
By default, BGP includes IGP metrics in optimal route selection.
Configuring the AIGP attribute
About this task
An Accumulated Interior Gateway Protocol (AIGP) administrative domain is a collection of multiple ASs that run the same IGP under one administrative control. Within the domain, BGP accumulates the IGP metrics all along the forwarding path for a route. Then, it uses the accumulated value as the AIGP attribute for the route to implement metric-based route selection.
By default, BGP does not advertise the AIGP attribute to its peers or peer groups. When BGP receives a route carrying the AIGP attribute, it ignores and removes the attribute before advertising the route to other peers or peer groups. Perform this task to enable BGP to advertise the AIGP attribute to its peers or peer groups.
With this feature enabled, a router processes the AIGP attribute in a received route as follows:
· If the router sets itself as the next hop for the route, it adds to the AIGP attribute value the IGP metric from itself to the original next hop and advertises the new AIGP attribute value.
· If the router does not set itself as the next hop for the route, it does not change the AIGP attribute value.
BGP uses the AIGP attribute to select the optimal route as follows:
· A route carrying the AIGP attribute takes precedence over a route not carrying the AIGP attribute.
· A route that has a smaller computed AIGP attribute value has a higher priority.
When the AIGP attribute of a route changes, BGP sends a route update with the new AIGP attribute.
Restrictions and guidelines
As a best practice, do not configure the peer aigp command on border routers of an AIGP administrative domain.
When a router receives a route not carrying the AIGP attribute, it does not advertise the AIGP attribute to a peer or peer group if you configure only the peer aigp command. To enable the router to advertise the AIGP attribute, you must configure both the peer aigp and apply aigp commands. For information about the apply aigp command, see "Configuring routing policies."
Procedure (IPv4)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
3. Configure BGP to advertise the AIGP attribute to the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } aigp
By default, BGP does not advertise the AIGP attribute to a peer or peer group and ignores the AIGP attribute in routes received from the peer or peer group.
4. (Optional.) Replace the MED value with AIGP value in routes advertised to the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } aigp send med
By default, BGP does not replace the MED value with AIGP value in routes advertised to a peer or peer group.
Use this command to send the AIGP attribute to a peer or peer group that does not support AIGP.
Procedure (IPv6)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
3. Configure BGP to advertise the AIGP attribute to the specified peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } aigp
By default, BGP does not advertise the AIGP attribute to a peer or peer group and ignores the AIGP attribute in routes received from the peer or peer group.
4. (Optional.) Replace the MED value with AIGP value in routes advertised to the specified peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } aigp send med
By default, BGP does not replace the MED value with AIGP value in routes advertised to a peer or peer group.
Use this command to send the AIGP attribute to a peer or peer group that does not support AIGP.
Ignoring router IDs during optimal route selection
About this task
By default, BGP compares router IDs during optimal route selection. If multiple routes to the same destination are available, BGP selects the route with the smallest router ID as the optimal route.
Perform this task to enable BGP to ignore router IDs during optimal route selection.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure BGP to ignore router IDs during optimal route selection.
bestroute router-id-ignore
By default, BGP compares router IDs during optimal route selection.
Preferring routes with an IPv6 next hop during optimal route selection
About this task
Configure this feature for the VXLAN packets in an EVPN network to be forwarded through IPv6 routes when both IPv4 and IPv6 routes exist.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP EVPN address family view.
address-family l2vpn evpn
4. Enable BGP to prefer routes with an IPv6 next hop during optimal route selection.
bestroute ipv6-nexthop
By default, BGP prefers routes with an IPv4 next hop during optimal route selection.
Display and maintenance commands for BGP path selection control
Execute display commands in any view.
Displaying BGP (IPv4 unicast address family)
|
Task |
Command |
|
Display BGP path attribute information. |
display bgp [ instance instance-name ] paths [ as-regular-expression ] |
Displaying BGP (IPv6 unicast address family)
|
Task |
Command |
|
Display BGP path attribute information. |
display bgp [ instance instance-name ] paths [ as-regular-expression ] |
Displaying BGP (IPv4 multicast address family)
|
Task |
Command |
|
Display BGP path attribute information. |
display bgp [ instance instance-name ] paths [ as-regular-expression ] |
Displaying BGP (IPv6 multicast address family)
|
Task |
Command |
|
Display BGP path attribute information. |
display bgp [ instance instance-name ] paths [ as-regular-expression ] |
BGP path selection control configuration examples
Example: Configuring BGP path selection
Network configuration
As shown in Figure 26, all routers run BGP.
· EBGP runs between Router A and Router B, and between Router A and Router C.
· IBGP runs between Router B and Router D, and between Router D and Router C. OSPF is the IGP in AS 200.
Configure routing policies to make Router D give priority to the route 1.0.0.0/8 learned from Router C.
Table 5 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Router A |
HGE1/0/1 |
1.0.0.1/8 |
Router D |
HGE1/0/1 |
195.1.1.1/24 |
|
|
HGE1/0/2 |
192.1.1.1/24 |
|
HGE1/0/2 |
194.1.1.1/24 |
|
|
HGE1/0/3 |
193.1.1.1/24 |
Router C |
HGE1/0/1 |
193.1.1.2/24 |
|
Router B |
HGE1/0/1 |
192.1.1.2/24 |
|
HGE1/0/2 |
195.1.1.2/24 |
|
|
HGE1/0/2 |
194.1.1.2/24 |
|
|
|
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure OSPF on Router B, Router C, and Router D:
# Configure Router B.
<RouterB> system-view
[RouterB] ospf
[RouterB-ospf] area 0
[RouterB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255
[RouterB-ospf-1-area-0.0.0.0] quit
[RouterB-ospf-1] quit
# Configure Router C.
<RouterC> system-view
[RouterC] ospf
[RouterC-ospf] area 0
[RouterC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Configure Router D.
<RouterD> system-view
[RouterD] ospf
[RouterD-ospf] area 0
[RouterD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255
[RouterD-ospf-1-area-0.0.0.0] quit
[RouterD-ospf-1] quit
3. Configure BGP connections:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 100
[RouterA-bgp-default] peer 192.1.1.2 as-number 200
[RouterA-bgp-default] peer 193.1.1.2 as-number 200
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 192.1.1.2 enable
[RouterA-bgp-default-ipv4] peer 193.1.1.2 enable
# Inject network 1.0.0.0/8 into the BGP routing table of Router A.
[RouterA-bgp-default-ipv4] network 1.0.0.0 8
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router B.
[RouterB] bgp 200
[RouterB-bgp-default] peer 192.1.1.1 as-number 100
[RouterB-bgp-default] peer 194.1.1.1 as-number 200
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 192.1.1.1 enable
[RouterB-bgp-default-ipv4] peer 194.1.1.1 enable
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
# Configure Router C.
[RouterC] bgp 200
[RouterC-bgp-default] peer 193.1.1.1 as-number 100
[RouterC-bgp-default] peer 195.1.1.1 as-number 200
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 193.1.1.1 enable
[RouterC-bgp-default-ipv4] peer 195.1.1.1 enable
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
# Configure Router D.
[RouterD] bgp 200
[RouterD-bgp-default] peer 194.1.1.2 as-number 200
[RouterD-bgp-default] peer 195.1.1.2 as-number 200
[RouterD-bgp-default] address-family ipv4 unicast
[RouterD-bgp-default-ipv4] peer 194.1.1.2 enable
[RouterD-bgp-default-ipv4] peer 195.1.1.2 enable
[RouterD-bgp-default-ipv4] quit
[RouterD-bgp-default] quit
4. Configure local preference for the route 1.0.0.0/8 to make Router D give priority to the route learned from Router C:
# Define IPv4 basic ACL 2000 to permit the route 1.0.0.0/8 on Router C.
[RouterC] acl basic 2000
[RouterC-acl-ipv4-basic-2000] rule permit source 1.0.0.0 0.255.255.255
[RouterC-acl-ipv4-basic-2000] quit
# Define routing policy localpref on Router C to set the local preference of route 1.0.0.0/8 to 200 (the default is 100).
[RouterC] route-policy localpref permit node 10
[RouterC-route-policy-localpref-10] if-match ip address acl 2000
[RouterC-route-policy-localpref-10] apply local-preference 200
[RouterC-route-policy-localpref-10] quit
# Apply the routing policy localpref to the route from the peer 193.1.1.1 on Router C.
[RouterC] bgp 200
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 193.1.1.1 route-policy localpref import
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
# Display the BGP routing table on Router D.
[RouterD] display bgp routing-table ipv4
Total number of routes: 2
BGP local router ID is 195.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i 1.0.0.0 193.1.1.1 200 0 100i
* i 192.1.1.1 100 0 100i
The route 1.0.0.0/8 learned from Router C is the optimal route.
Tuning and optimizing BGP networks
BGP network tuning and optimization tasks at a glance
To tune and optimize BGP networks, perform the following tasks:
· Establishing and resetting EBGP sessions
¡ Enabling BGP to establish an EBGP session over multiple hops
¡ Enabling immediate re-establishment of direct EBGP connections upon link failure
¡ Protecting an EBGP peer when memory usage reaches level 2 threshold
· Enabling BGP ORF capabilities negotiation
· Establishing, terminating, and soft-resetting BGP sessions
¡ Enabling 4-byte AS number suppression
¡ Disabling BGP session establishment
· Configuring BGP load balancing
· Configuring the BGP Additional Paths feature
· Configuring BGP optimal route selection delay
· Setting the delay time for responding to recursive next hop changes
· Configuring peer flap dampening
· Setting a DSCP value for outgoing BGP packets
· Flushing the suboptimal BGP route to the RIB
· Enabling BGP to not flush specific routes to the routing table
· Configuring label allocation and path selection
¡ Specifying a label allocation mode
¡ Disabling optimal route selection for labeled routes without tunnel information
· Recursing unlabeled public BGP routes to LSPs
· Disabling MPLS local IFNET tunnel establishment
Enabling BGP to establish an EBGP session over multiple hops
About this task
To establish an EBGP session, two routers must have a direct physical link and use directly connected interfaces. If no direct link is available, you must use the peer ebgp-max-hop command to enable BGP to establish an EBGP session over multiple hops and specify the maximum hops.
Restrictions and guidelines
When the BGP GTSM feature is enabled, two peers can establish an EBGP session after passing GTSM check, regardless of whether the maximum number of hops is reached.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BGP to establish an EBGP session to an indirectly connected peer or peer group and specify the maximum hop count.
peer { group-name | ipv4-address [ mask-length ] } ebgp-max-hop [ hop-count ]
By default, BGP cannot establish an EBGP session to an indirectly connected peer or peer group.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BGP to establish an EBGP session to an indirectly connected peer or peer group and specify the maximum hop count.
peer { group-name | ipv6-address [ prefix-length ] } ebgp-max-hop [ hop-count ]
By default, BGP cannot establish an EBGP session to an indirectly connected peer or peer group.
Enabling immediate re-establishment of direct EBGP connections upon link failure
About this task
By default, when the link to a directly connected EBGP peer goes down, the router does not re-establish a session to the peer until the hold time timer expires. This feature enables BGP to immediately recreate the session in that situation. When this feature is disabled, route flapping does not affect EBGP session state.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable immediate re-establishment of direct EBGP connections upon link failure.
ebgp-interface-sensitive
By default, immediate re-establishment of direct EBGP connections is enabled.
Protecting an EBGP peer when memory usage reaches level 2 threshold
About this task
Memory usage includes the following threshold levels: normal, level 1, level 2, and level 3. When the level 2 threshold is reached, BGP periodically tears down an EBGP session to release memory resources until the memory usage falls below the level 2 threshold. You can configure this feature to avoid tearing down the EBGP session to an EBGP peer when the memory usage reaches the level 2 threshold.
For more information about memory usage thresholds, see device management configuration in Fundamentals Configuration Guide.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure BGP to protect an EBGP peer or peer group when the memory usage reaches level 2 threshold.
peer { group-name | ipv4-address [ mask-length ] } low-memory-exempt
By default, BGP periodically tears down an EBGP session to release memory resources when level 2 threshold is reached.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure BGP to protect an EBGP peer or peer group when the memory usage reaches level 2 threshold.
peer { group-name | ipv6-address [ prefix-length ] } low-memory-exempt
By default, BGP tears down an EBGP session to release memory resources periodically when level 2 threshold is reached.
Enabling BGP ORF capabilities negotiation
About BGP ORF
BGP Outbound Route Filtering (ORF) saves the system resources by reducing the route updates that are sent between BGP peers.
The BGP peers negotiate the ORF capabilities through Open messages. After completing the negotiation process, the BGP peers can exchange ORF information (local route reception filtering policy) through route refresh messages. Then, only routes that pass both the local route distribution filtering policy and the received route reception filtering policy can be advertised.
Restrictions and guidelines
You can enable the ORF information sending, receiving, or both sending and receiving capabilities on a BGP router. For two BGP peers to successfully negotiate the ORF capabilities, make sure one end has the sending capability and the other end has the receiving capability.
After you enable BGP ORF capabilities negotiation for a peer, the local device negotiates standard ORF capabilities as defined in RFC with the peer. If the peer uses nonstandard ORF, you must also enable nonstandard ORF capabilities negotiation for the peer.
Enabling BGP ORF capabilities negotiation for a peer or peer group
Procedure (IPv4 unicast/IPv4 multicast)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Enable BGP ORF capabilities negotiation for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }
By default, BGP ORF capabilities negotiation is disabled for a peer or peer group.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/IPv6 multicast)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Enable BGP ORF capabilities negotiation for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }
By default, BGP ORF capabilities negotiation is disabled for a peer or peer group.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Enabling nonstandard BGP ORF capabilities negotiation for a peer or peer group
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable nonstandard BGP ORF capabilities negotiation for a peer or peer group.
peer { group-name | ip-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf non-standard
By default, nonstandard BGP ORF capabilities negotiation is disabled for a peer or peer group.
Enabling 4-byte AS number suppression
About this task
BGP supports 4-byte AS numbers. The 4-byte AS number occupies four bytes, in the range of 1 to 4294967295. By default, a device sends an OPEN message to the peer device for session establishment. The OPEN message indicates that the device supports 4-byte AS numbers. If the peer device supports 2-byte AS numbers instead of 4-byte AS numbers, the session cannot be established. To resolve this issue, enable the 4-byte AS number suppression feature. The device then sends an OPEN message to inform the peer that it does not support 4-byte AS numbers, so the BGP session can be established.
Restrictions and guidelines
If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression feature. Otherwise, the BGP session cannot be established.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable 4-byte AS number suppression.
peer { group-name | ipv4-address [ mask-length ] } capability-advertise suppress-4-byte-as
By default, 4-byte AS number suppression is disabled.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable 4-byte AS number suppression.
peer { group-name | ipv6-address [ prefix-length ] } capability-advertise suppress-4-byte-as
By default, 4-byte AS number suppression is disabled.
Disabling BGP session establishment
About disabling BGP session establishment
This task enables you to temporarily tear down BGP sessions to a peer/peer group or all peers/peer groups. You can perform network upgrade and maintenance without needing to delete and reconfigure the peers and peer groups. To recover the sessions, execute the undo peer ignore or undo ignore all-peers command.
If you specify the graceful keyword in the peer ignore command, BGP performs the following tasks:
· Gracefully shuts down the session to the specified peer or peer group in the specified graceful shutdown period of time.
· Advertises all routes to the specified peer or peer group and changes the attribute of the advertised routes to the specified value.
· Advertises routes from the specified peer or peer group to other IBGP peers and peer groups and changes the attribute of the advertised routes to the specified value.
If you specify the graceful keyword in the ignore all-peers command, BGP performs the following tasks:
· Gracefully shuts down the sessions to all peers and peer groups in the specified graceful shutdown period of time.
· Advertises all routes to all peers and peer groups and changes the attribute of the advertised routes to the specified value.
Restrictions and guidelines
For a BGP peer or peer group, the configuration made by the peer ignore command takes precedence over the configuration made by the ignore all-peers command.
Disabling BGP session establishment with a peer or peer group (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Disable BGP session establishment with a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } ignore [ graceful graceful-time { community { community-number | aa:nn } | local-preference preference | med med } * ]
By default, BGP can establish a session to a peer or peer group.
Disabling BGP session establishment with a peer or peer group (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Disable BGP session establishment with a peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } ignore [ graceful graceful-time { community { community-number | aa:nn } | local-preference preference | med med } * ]
By default, BGP can establish a session to a peer or peer group.
Disabling BGP session establishment with all peers or peer groups
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Disable BGP session establishment with all peers or peer groups.
ignore all-peers [ graceful graceful-time { community { community-number | aa:nn } | local-preference preference | med med } * ]
By default, BGP can establish sessions to all peers and peer groups.
Configuring BGP soft-reset
About BGP soft-reset
After you modify the route selection policy, for example, modify the preferred value, you must reset BGP sessions to apply the new policy. The reset operation tears down and re-establishes BGP sessions.
To avoid tearing down BGP sessions, you can use one of the following soft-reset methods to apply the new policy:
· Enabling route refresh—The BGP router advertises a ROUTE-REFRESH message to the specified peer, and the peer resends its routing information to the router. After receiving the routing information, the router filters the routing information by using the new policy.
This method requires that both the local router and the peer support route refresh.
· Saving updates—Use the peer keep-all-routes command to save all route updates from the specified peer. After modifying the route selection policy, filter routing information by using the new policy.
This method does not require that the local router and the peer support route refresh but it uses more memory resources to save routes.
· Manual soft-reset—Use the refresh bgp command to enable BGP to send local routing information or advertise a ROUTE-REFRESH message to the specified peer. The peer then resends its routing information. After receiving the routing information, the router filters the routing information by using the new policy.
This method requires that both the local router and the peer support route refresh.
Enabling route refresh (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BGP route refresh for a peer or peer group.
¡ Enable BGP route refresh for the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } capability-advertise route-refresh
¡ Enable the BGP route refresh, multi-protocol extension, and 4-byte AS number features for the specified peer or peer group.
undo peer { group-name | ipv4-address [ mask-length ] } capability-advertise conventional
By default, the BGP route refresh, multi-protocol extension, and 4-byte AS number features are enabled.
Enabling route refresh (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BGP route refresh for a peer or peer group.
¡ Enable BGP route refresh for the specified peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } capability-advertise route-refresh
¡ Enable the BGP route refresh, multi-protocol extension, and 4-byte AS number features for the specified peer or peer group.
undo peer { group-name | ipv6-address [ prefix-length ] } capability-advertise conventional
By default, the BGP route refresh, multi-protocol extension, and 4-byte AS number features are enabled.
Configuring BGP soft-reset by saving route updates
About this task
You can execute the keep-all-routes command in BGP instance view to save route updates from all peers and peer groups. You can execute the peer keep-all-routes command for a peer or peer group in the corresponding address family view to save route updates from the peer or peer group.
Restrictions and guidelines
This feature takes effect only on routes received after this feature is configured.
The keep-all-routes command applies to all peers and peer groups. You cannot disable this feature by executing the undo peer keep-all-routes command for a specific peer or peer group in the corresponding address family view. To enable the feature for only certain peers or peer groups, perform the following operations:
· Execute the peer keep-all-routes command in the associated address family view.
· Make sure the keep-all-routes command is not executed in BGP instance view.
Procedure (global configuration)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Save route updates from all peers and peer groups.
keep-all-routes
By default, route updates from peers and peer groups are not saved.
Procedure (IPv4 unicast/IPv4 multicast)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Save all route updates from the peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } keep-all-routes
By default, route updates from peers and peer groups are not saved.
The ipv6-address [ prefix-length ] argument is not supported in BGP IPv4 multicast address family view.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Save all route updates from the peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } keep-all-routes
By default, route updates from peers and peer groups are not saved.
The ipv4-address [ mask-length ] argument is not supported in BGP IPv6 multicast address family view.
Configuring manual soft-reset (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BGP route refresh for a peer or peer group.
¡ Enable BGP route refresh for the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } capability-advertise route-refresh
¡ Enable the BGP route refresh, multi-protocol extension, and 4-byte AS number features for the specified peer or peer group.
undo peer { group-name | ipv4-address [ mask-length ] } capability-advertise conventional
By default, the BGP route refresh, multi-protocol extension, and 4-byte AS number features are enabled.
4. Execute the quit command twice to return to user view.
quit
5. Perform manual soft-reset. Choose one option as needed:
¡ Perform manual soft-reset on IPv4 sessions in BGP IPv4 address family.
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } ipv4 [ multicast | [ unicast ] [ vpn-instance vpn-instance-name ] ]
¡ Perform manual soft-reset on IPv6 sessions in BGP IPv4 address family.
refresh bgp [ instance instance-name ] ipv6-address [ prefix-length ] { export | import } ipv4 [ unicast ] [ vpn-instance vpn-instance-name ]
Configuring manual soft-reset (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BGP route refresh for a peer or peer group.
¡ Enable BGP route refresh for the specified peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } capability-advertise route-refresh
¡ Enable the BGP route refresh, multi-protocol extension, and 4-byte AS number features for the specified peer or peer group.
undo peer { group-name | ipv6-address [ prefix-length ] } capability-advertise conventional
By default, the BGP route refresh, multi-protocol extension, and 4-byte AS number features are enabled.
4. Execute the quit command twice to return to user view.
quit
5. Perform manual soft-reset. Choose one option as needed:
¡ Perform manual soft-reset on IPv6 sessions in BGP IPv6 address family.
refresh bgp [ instance instance-name ] { ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } ipv6 [ multicast | [ unicast ] [ vpn-instance vpn-instance-name ] ]
¡ Perform manual soft-reset on IPv4 sessions in BGP IPv6 address family.
refresh bgp [ instance instance-name ] ipv4-address [ mask-length ] { export | import } ipv6 [ unicast ] [ vpn-instance vpn-instance-name ]
Configuring BGP load balancing
About this task
Perform this task to specify the maximum number of BGP ECMP routes for load balancing.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Specify the maximum number of BGP ECMP routes for load balancing.
balance [ ebgp | eibgp | ibgp ] number
By default, load balancing is disabled.
4. (Optional.) Enable BGP to ignore the AS_PATH attribute when it implements load balancing.
balance as-path-neglect
By default, BGP does not ignore the AS_PATH attribute when it implements load balancing.
5. (Optional.) Enable BGP to perform load balancing for routes that have different AS_PATH attributes of the same length.
balance as-path-relax [ ebgp | ibgp ]
By default, BGP cannot perform load balancing for routes that have different AS_PATH attributes of the same length.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Specify the maximum number of BGP ECMP routes for load balancing.
balance [ ebgp | eibgp | ibgp ] number
By default, load balancing is disabled.
4. (Optional.) Enable BGP to ignore the AS_PATH attribute when it implements load balancing.
balance as-path-neglect
By default, BGP does not ignore the AS_PATH attribute when it implements load balancing.
5. (Optional.) Enable BGP to perform load balancing for routes that have different AS_PATH attributes of the same length.
balance as-path-relax [ ebgp | ibgp ]
By default, BGP cannot perform load balancing for routes that have different AS_PATH attributes of the same length.
Configuring the BGP Additional Paths feature
About this task
By default, BGP advertises only one optimal route. When the optimal route fails, traffic forwarding will be interrupted until route convergence completes.
The BGP Additional Paths (Add-Path) feature enables BGP to advertise multiple routes with the same prefix and different next hops to a peer or peer group. When the optimal route fails, the suboptimal route becomes the optimal route, which shortens the traffic interruption time.
You can enable the BGP additional paths sending, receiving, or both sending and receiving capabilities on a BGP router. For two BGP peers to successfully negotiate the Additional Paths capabilities, make sure one end has the sending capability and the other end has the receiving capability.
Procedure (IPv4 unicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
3. Configure the BGP Additional Paths capabilities.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } additional-paths { receive | send } *
By default, no BGP Additional Paths capabilities are configured.
4. Set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise additional-paths best number
By default, a maximum number of one Add-Path optimal route can be advertised to a peer or peer group.
5. Set the maximum number of Add-Path optimal routes that can be advertised to all peers.
additional-paths select-best best-number
By default, a maximum number of one Add-Path optimal route can be advertised to all peers.
Procedure (IPv6 unicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
3. Configure the BGP Additional Paths capabilities.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } additional-paths { receive | send } *
By default, no BGP Additional Paths capabilities are configured.
4. Set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise additional-paths best number
By default, a maximum number of one Add-Path optimal route can be advertised to a peer or peer group.
5. Set the maximum number of Add-Path optimal routes that can be advertised to all peers.
additional-paths select-best best-number
By default, a maximum number of one Add-Path optimal route can be advertised to all peers.
Configuring BGP optimal route selection delay
About this task
Typically BGP optimal route selection is triggered in real time by the events such as attribute change, configuration change, and route recursion. To avoid packet loss upon switchover between redundant links, you can perform this task to delay optimal route selection.
As shown in Figure 27, BGP runs on all devices in the network. Device A and Device D uses the primary path for communication. When the primary path fails, Device A and Device D switch to the backup path for communication and then back to the primary path after the primary path recovers. In such case, traffic loss might occur if Device A forwards packets through Device B before Device B completes route convergence. You can configure optimal route selection delay on Device A to resolve the problem.
Restrictions and guidelines
Follow these restrictions and guidelines when you configure this feature:
· The optimal route selection delay setting applies only when multiple effective routes with the same prefix exist after a route change occurs.
· For routes being delayed for optimal route selection, modifying the optimal route selection delay timer has the following effects:
¡ If you modify the delay timer to a non-zero value, the routes are not affected, and they still use the original delay timer.
¡ If you execute the undo form of the route-select delay command or modify the delay timer to 0, the device performs optimal route selection immediately.
· If you execute the command multiple times for an address family, the most recent configuration takes effect.
· The optimal route selection delay configuration does not apply to the following conditions:
¡ A route change is caused by execution of a command or by route withdrawal.
¡ After a route change occurs, only one route exists for a specific destination network.
¡ An active/standby process switchover occurs.
¡ A route change occurs among equal-cost routes.
¡ Only the optimal and suboptimal routes exist when FRR is configured.
¡ Optimal route selection is triggered by a redistributed route.
¡ The next hop of the optimal route changes and a route with the same prefix is waiting for the delay timer to expire.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Set the optimal route selection delay timer.
route-select delay delay-value
By default, the optimal route selection delay timer is 0 seconds, which means optimal route selection is not delayed.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Set the optimal route selection delay timer.
route-select delay delay-value
By default, the optimal route selection delay timer is 0 seconds, which means optimal route selection is not delayed.
Setting the delay time for responding to recursive next hop changes
About this task
Next hop changes include the following types:
· Critical next hop changes—Changes that cause route unreachability and service interruption. For example, a BGP route cannot find a recursive next hop (a physical interface or tunnel interface) because of network failures.
· Noncritical next hop changes—A recursive or related route changes but the change does not cause route unreachability or service interruption. For example, the recursive next hop (a physical interface or tunnel interface) of a BGP route changes but traffic forwarding is not affected.
When recursive or related routes change frequently, configure this feature to reduce unnecessary path selection and update messages and prevent traffic loss.
Restrictions and guidelines
To avoid traffic loss, do not configure this feature if only one route is available to a specific destination.
Set an appropriate delay time based on your network condition. A short delay time cannot reduce unnecessary path selection or update messages, and a long delay time might cause traffic loss.
Procedure (IPv4 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
¡ Enter BGP IPv4 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 multicast
3. Set the delay time for responding to recursive next hop changes.
nexthop recursive-lookup [ non-critical-event ] delay [ delay-value ]
By default, BGP responds to recursive next hop changes immediately.
Procedure (IPv6 unicast/multicast address family)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
¡ Enter BGP IPv6 multicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 multicast
3. Set the delay time for responding to recursive next hop changes.
nexthop recursive-lookup [ non-critical-event ] delay [ delay-value ]
By default, BGP responds to recursive next hop changes immediately.
Configuring peer flap dampening
About this task
Perform this task to dampen a BGP peer when the peer state frequently changes between up and down. BGP increases the idle time of the peer each time the peer comes up until the maximum idle time is reached. To exit the dampened state, the peer must remain in Established state for a time period longer than the minimum established time. After the peer exits the dampened state, BGP resets the idle time of the peer when the peer comes up again.
Set a maximum idle time and a minimum established time based on your network condition.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure flap dampening for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } flap-dampen [ max-idle-time max-time | min-established-time min-time ]*
By default, flap dampening is disabled for all peers and peer groups.
Setting a DSCP value for outgoing BGP packets
About this task
The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Set a DSCP value for outgoing BGP packets.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } dscp dscp-value
By default, the DSCP value for outgoing BGP packets is 48.
Flushing the suboptimal BGP route to the RIB
About this task
This feature flushes the suboptimal BGP route to the RIB when the following conditions are met:
· The optimal route is generated by the network command or is redistributed by the import-route command.
· The suboptimal route is received from a BGP peer.
After the suboptimal route is flushed to the RIB on a network, BGP immediately switches traffic to the suboptimal route when the optimal route fails.
For example, the device has a static route to the subnet 1.1.1.0/24 that has a higher priority than a BGP route. BGP redistributes the static route and receives a route to 1.1.1.0/24 from a peer. After the flush suboptimal-route command is executed, BGP flushes the received BGP route to the RIB as the suboptimal route. When the static route fails, BGP immediately switches traffic to the suboptimal route if inter-protocol FRR is enabled. For more information about inter-protocol FRR, see "Configuring basic IP routing."
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Flush the suboptimal BGP route to the RIB.
flush suboptimal-route
By default, BGP is disabled from flushing the suboptimal BGP route to the RIB, and only the optimal route is flushed to the RIB.
Enabling BGP to not flush specific routes to the routing table
About this task
Perform this task to enable BGP to not flush routes matching the specified routing policy to the routing table.
This feature applies to the following scenarios:
· In an MPLS L3VPN network, all the optimal private BGP routes will be flushed to the routing table of a PE by default. You can configure this feature to prevent unnecessary routes from being flushed to the IP routing table and improve the forwarding performance of the PE.
· In a route reflection network, configure this feature to not flush specific BGP routes to the routing table of the RR. Then, the RR only advertises and receives routes but does not forward service traffic, which saves the system resources of the RR.
Procedure (IPv4 unicast)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
¡ Execute the following commands in sequence to enter BGP IPv4 unicast address family view:
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Execute the following commands in sequence to enter BGP-VPN IPv4 unicast address family view:
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
3. Enable BGP to not flush routes matching the specified routing policy to the routing table.
routing-table bgp-rib-only [ route-policy route-policy-name ]
By default, BGP flushes the optimal routes to the routing table.
Procedure (IPv6 unicast)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Execute the following commands in sequence to enter BGP IPv6 unicast address family view:
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Execute the following commands in sequence to enter BGP-VPN IPv6 unicast address family view:
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
3. Enable BGP to not flush routes matching the specified routing policy to the routing table.
routing-table bgp-rib-only [ route-policy route-policy-name ]
By default, BGP flushes the optimal routes to the routing table.
Specifying a label allocation mode
About this task
BGP supports the following label allocation modes:
· Per-prefix—Allocates a label to each route prefix.
· Per-next-hop—Allocates a label to each next hop. This mode is applicable when the number of labels required by the per-prefix mode exceeds the maximum number of labels supported by the device.
· Per-VPN-instance—Allocates a label to each VPN instance. This mode is applicable when the number of labels required by the per-next-hop mode exceeds the maximum number of labels supported by the device.
Restrictions and guidelines
When you specify the per-prefix or per-next-hop label allocation mode, you can execute the vpn popgo command to specify the POPGO forwarding mode on an egress PE. The egress PE will pop the label for each packet and forward the packet out of the interface corresponding to the label.
When you specify the per-VPN instance label allocation mode, do not execute the vpn popgo command because it is mutually exclusive with the label-allocation-mode per-vrf command. The egress PE will pop the label for each packet and forward the packet through the FIB table.
A change to the label allocation mode enables BGP to re-advertise all routes, which will cause service interruption. Use this command with caution.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify a label allocation mode.
label-allocation-mode { per-prefix | per-vrf }
By default, BGP allocates labels on a per-next-hop basis.
Disabling optimal route selection for labeled routes without tunnel information
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Disable optimal route selection for labeled routes without tunnel information.
labeled-route ignore-no-tunnel
By default, labeled routes without tunnel information can participate in optimal route selection.
Recursing unlabeled public BGP routes to LSPs
About this task
To perform IP forwarding on customer packets, carrier network devices must learn a large number of routes. To reduce workload and save resources on carrier network devices, configure this feature to recurse unlabeled public BGP routes to LSPs on user access devices. This feature allows the carrier network devices to forward customer packets based on labels, without the need to learn customer network routes.
After you configure this feature, unlabeled public BGP routes will be preferentially recursed to LSPs. If a route fails to be recursed to an LSP, the route will be recursed to the IP next hop.
Restrictions and guidelines
To recurse unlabeled public IPv6 BGP routes to IPv4 tunnels, you must configure the egress node to assign a non-null label to the penultimate hop. For more information about the penultimate hop popping feature, see basic MPLS configuration in MPLS Configuration Guide.
Procedure (IPv4 unicast)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
4. Recurse unlabeled public BGP routes to LSPs.
unicast-route recursive-lookup tunnel [ prefix-list ipv4-prefix-list-name ] [ tunnel-policy tunnel-policy-name ]
By default, unlabeled public BGP routes are recursed to IP next hops instead of LSPs.
Procedure (IPv6 unicast)
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Recurse unlabeled public BGP routes to LSPs.
unicast-route recursive-lookup tunnel [ prefix-list ipv6-prefix-list-name ] [ tunnel-policy tunnel-policy-name ]
By default, unlabeled public BGP routes are recursed to IP next hops instead of LSPs.
Disabling MPLS local IFNET tunnel establishment
About this task
An MPLS local IFNET tunnel is automatically established between MP-EBGP peers. Only directly connected MP-EBGP peers are able to forward traffic through this tunnel.
For two indirectly connected MP-EBGP peers, traffic between them is interrupted upon failover to the MPLS local IFNET tunnel. To avoid this issue, you can disable BGP from establishing MPLS local IFNET tunnels to the specified EBGP peer or peer group.
Restrictions and guidelines
Disabling MPLS local IFNET tunnel establishment deletes the MPLS local IFNET tunnels already established to the specified EBGP peer or peer group.
Disabling BGP from establishing MPLS local IFNET tunnels to directly connected EBGP peers and peer groups will cause traffic loss. Make sure you fully understand the impact before performing the operation.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Disable MPLS local IFNET tunnel establishment to the specified EBGP peer or peer group.
peer { group name | ipv4-address [ mask-length ] } mpls-local-ifnet disable
By default, MPLS local IFNET tunnel establishment is enabled. Two MP-EBGP peers automatically establish an MPLS local IFNET tunnel after they exchange labeled routes and VPNv4 routes.
Display and maintenance commands for BGP network tuning and optimization
Displaying BGP
Execute display commands in any view.
Displaying BGP (IPv4 unicast address family)
|
Task |
Command |
|
Display ORF prefix information received by a peer. |
display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] ipv4-address received prefix-list display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] ipv6-address received prefix-list |
Displaying BGP (IPv6 unicast address family)
|
Task |
Command |
|
Display ORF prefix information received by a peer. |
display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] ipv6-address received prefix-list display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] ipv4-address received prefix-list |
Displaying BGP (IPv4 multicast address family)
|
Task |
Command |
|
Display ORF prefix information received by a peer. |
display bgp [ instance instance-name ] peer ipv4 multicast ipv4-address received prefix-list |
Displaying BGP (IPv6 multicast address family)
|
Task |
Command |
|
Display ORF prefix information received by a peer. |
display bgp [ instance instance-name ] peer ipv6 multicast ipv6-address received prefix-list |
Resetting BGP sessions
Execute reset commands in user view.
|
Task |
Command |
|
Reset all BGP sessions. |
reset bgp [ instance instance-name ] all |
|
Reset BGP sessions for IPv4 unicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv4-address [ mask-length ] | all | external | group group-name | internal } ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] reset bgp [ instance instance-name ] ipv6-address [ prefix-length ] ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] |
|
Reset BGP sessions for IPv6 unicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv6-address [ prefix-length ] | all | external | group group-name | internal } ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] reset bgp ipv4-address [ mask-length ] ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] |
|
Reset BGP sessions for IPv4 multicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv4-address [ mask-length ] | all | external | group group-name | internal } ipv4 multicast |
|
Reset BGP sessions for IPv6 multicast address family. |
reset bgp [ instance instance-name ] { as-number | ipv6-address [ prefix-length ] | all | external | group group-name | internal } ipv6 multicast |
BGP network tuning and optimization configuration examples
Example: Configuring BGP load balancing
Network configuration
As shown in Figure 28, run EBGP between Router A and Router B, and between Router A and Router C. Run IBGP between Router B and Router C.
Configure load balancing over the two EBGP links on Router A.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure BGP connections:
¡ On Router A, establish EBGP connections with Router B and Router C. Configure BGP to advertise network 8.1.1.0/24 to Router B and Router C. This allows Router B and Router C can access the internal network connected to Router A.
¡ On Router B, establish an EBGP connection with Router A and an IBGP connection with Router C. Configure BGP to advertise network 9.1.1.0/24 to Router A, so that Router A can access the intranet through Router B. Configure a static route to interface loopback 0 on Router C (or use a routing protocol like OSPF) to establish the IBGP connection.
¡ On Router C, establish an EBGP connection with Router A and an IBGP connection with Router B. Configure BGP to advertise network 9.1.1.0/24 to Router A, so that Router A can access the intranet through Router C. Configure a static route to interface loopback 0 on Router B (or use another protocol like OSPF) to establish the IBGP connection.
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 65008
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 3.1.1.1 as-number 65009
[RouterA-bgp-default] peer 3.1.2.1 as-number 65009
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 3.1.1.1 enable
[RouterA-bgp-default-ipv4] peer 3.1.2.1 enable
[RouterA-bgp-default-ipv4] network 8.1.1.0 24
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 65009
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 3.1.1.2 as-number 65008
[RouterB-bgp-default] peer 3.3.3.3 as-number 65009
[RouterB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 3.1.1.2 enable
[RouterB-bgp-default-ipv4] peer 3.3.3.3 enable
[RouterB-bgp-default-ipv4] network 9.1.1.0 24
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
[RouterB] ip route-static 3.3.3.3 32 9.1.1.2
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 65009
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 3.1.2.2 as-number 65008
[RouterC-bgp-default] peer 2.2.2.2 as-number 65009
[RouterC-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 3.1.2.2 enable
[RouterC-bgp-default-ipv4] peer 2.2.2.2 enable
[RouterC-bgp-default-ipv4] network 9.1.1.0 24
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
[RouterC] ip route-static 2.2.2.2 32 9.1.1.1
# Display the BGP routing table on Router A.
[RouterA] display bgp routing-table ipv4
Total number of routes: 3
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 8.1.1.0/24 8.1.1.1 0 32768 i
* >e 9.1.1.0/24 3.1.1.1 0 0 65009i
* e 3.1.2.1 0 0 65009i
¡ The output shows two valid routes to destination 9.1.1.0/24. The route with next hop 3.1.1.1 is marked with a greater-than sign (>), indicating that it is the optimal route. The route with next hop 3.1.2.1 is marked with an asterisk (*), indicating that it is a valid route, but not the optimal route.
¡ By using the display ip routing-table command, you can find there is only one route to 9.1.1.0/24 with next hop 3.1.1.1 and output interface HundredGigE 1/0/2.
3. On Router A, configure the maximum number of ECMP routes destined for AS 65009 as 2 to improve link usage.
[RouterA] bgp 65008
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] balance 2
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
Verifying the configuration
# Display the BGP routing table on Router A.
[RouterA] display bgp routing-table ipv4
Total number of routes: 3
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
* > 8.1.1.0/24 8.1.1.1 0 32768 i
* >e 9.1.1.0/24 3.1.1.1 0 0 65009i
* >e 3.1.2.1 0 0 65009i
· The output shows that there are two valid routes to the destination 9.1.1.0/24, and both of them are the optimal routes.
· By using the display ip routing-table command, you can find there are two routes to 9.1.1.0/24. One has next hop 3.1.1.1 and output interface HundredGigE 1/0/2, and the other has next hop 3.1.2.1 and output interface HundredGigE 1/0/3.
Example: Configuring the BGP Additional Paths feature
Network configuration
As shown in Figure 29, all routers run BGP. EBGP runs between Router A and Router B, and between Router A and Router C. IBGP runs between Router B and Router D, between Router C and Router D, and between Router D and Router E. Router D is a route reflector and Router E is its client.
Configure the BGP Additional Paths feature to enable Router E to learn routes with the same prefix and different next hops from Router B and Router C.
Table 6 Interface and IP address assignment
|
Device |
Interface |
IP address |
Device |
Interface |
IP address |
|
Router A |
HGE1/0/1 |
10.1.1.1/24 |
Router D |
HGE1/0/1 |
30.1.1.1/24 |
|
|
HGE1/0/2 |
20.1.1.1/24 |
|
HGE1/0/2 |
40.1.1.1/24 |
|
Router B |
HGE1/0/1 |
10.1.1.2/24 |
|
HGE1/0/3 |
50.1.1.1/24 |
|
|
HGE1/0/2 |
30.1.1.2/24 |
Router E |
HGE1/0/1 |
50.1.1.2/24 |
|
Router C |
HGE1/0/1 |
20.1.1.2/24 |
|
|
|
|
|
HGE1/0/2 |
40.1.1.2/24 |
|
|
|
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure BGP connections:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 10
[RouterA-bgp-default] peer 10.1.1.2 as-number 20
[RouterA-bgp-default] peer 20.1.1.2 as-number 20
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 10.1.1.2 enable
[RouterA-bgp-default-ipv4] peer 20.1.1.2 enable
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 20
[RouterB-bgp-default] peer 10.1.1.1 as-number 10
[RouterB-bgp-default] peer 30.1.1.1 as-number 20
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable
[RouterB-bgp-default-ipv4] peer 30.1.1.1 enable
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 20
[RouterC-bgp-default] peer 20.1.1.1 as-number 10
[RouterC-bgp-default] peer 40.1.1.1 as-number 20
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 10.1.1.1 enable
[RouterC-bgp-default-ipv4] peer 30.1.1.1 enable
# Configure Router D.
<RouterD> system-view
[RouterD] bgp 20
[RouterD-bgp-default] peer 30.1.1.2 as-number 20
[RouterD-bgp-default] peer 40.1.1.2 as-number 20
[RouterD-bgp-default] peer 50.1.1.2 as-number 20
[RouterD-bgp-default] address-family ipv4 unicast
[RouterD-bgp-default-ipv4] peer 30.1.1.2 enable
[RouterD-bgp-default-ipv4] peer 40.1.1.2 enable
[RouterD-bgp-default-ipv4] peer 50.1.1.2 enable
# Configure Router E.
<RouterE> system-view
[RouterE] bgp 20
[RouterE-bgp-default] peer 50.1.1.1 as-number 20
[RouterE-bgp-default] address-family ipv4 unicast
[RouterE-bgp-default-ipv4] peer 50.1.1.1 enable
3. Configure Router A to advertise network 10.1.1.0/24.
[RouterA-bgp-default-ipv4] network 10.1.1.0 24
4. Set the local router as the next hop for routes sent to a peer:
# Configure Router B.
[RouterB-bgp-default-ipv4] peer 30.1.1.1 next-hop-local
# Configure Router C.
[RouterC-bgp-default-ipv4] peer 40.1.1.1 next-hop-local
5. Configure Router D as a route reflector.
[RouterD-bgp-default-ipv4] peer 50.1.1.2 reflect-client
6. Configure the Additional Paths feature:
# Enable the additional paths sending capability on Router D.
[RouterD-bgp-default-ipv4] peer 50.1.1.2 additional-paths send
# Set the maximum number to 2 for Add-Path optimal routes that can be advertised.
[RouterD-bgp-default-ipv4] additional-paths select-best 2
# Set the maximum number to 2 for Add-Path optimal routes that can be advertised to peer 50.1.1.2.
[RouterD-bgp-default-ipv4] peer 50.1.1.2 advertise additional-paths best 2
# Enable the additional paths receiving capability on Router E.
[RouterE-bgp-default-ipv4] peer 50.1.1.1 additional-paths receive
Verifying the configuration
# Display BGP routing information on Router E.
[Router E] display bgp routing-table ipv4
Total number of routes: 2
BGP local router ID is 50.1.1.2
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Network NextHop MED LocPrf PrefVal Path/Ogn
i 10.1.1.0/24 30.1.1.2 0 100 0 10i
i 40.1.1.2 0 100 0 10i
The output shows that Router D has learned two routes with the same prefix and different next hops.
Configuring BGP security features
BGP security feature configuration tasks at a glance
To configure BGP security features, perform the following tasks:
· Enabling MD5 authentication for BGP peers
· Enabling keychain authentication for BGP peers
· Configuring IPsec for IPv6 BGP
Enabling MD5 authentication for BGP peers
About this task
MD5 authentication provides the following benefits:
· Peer authentication ensures that only BGP peers that have the same password can establish TCP connections.
· Integrity check ensures that BGP packets exchanged between peers are intact.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable MD5 authentication for a BGP peer group or peer.
peer { group-name | ipv4-address [ mask-length ] } password { cipher | simple } password
By default, MD5 authentication is disabled.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable MD5 authentication for a BGP peer group or peer.
peer { group-name | ipv6-address [ prefix-length ] } password { cipher | simple } password
By default, MD5 authentication is disabled.
Configuring GTSM for BGP
About this task
The Generalized TTL Security Mechanism (GTSM) protects a BGP session by comparing the TTL value in the IP header of incoming BGP packets against a valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded.
The valid TTL range is from 255 – the configured hop count + 1 to 255.
When GTSM is configured, the BGP packets sent by the device have a TTL of 255.
GTSM provides best protection for directly connected EBGP sessions, but not for multihop EBGP or IBGP sessions because the TTL of packets might be modified by intermediate devices.
Restrictions and guidelines
When GTSM is configured, the local device can establish an EBGP session to the peer after both devices pass GTSM check, regardless of whether the maximum number of hops is reached.
To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values for them.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure GTSM for the specified BGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } ttl-security hops hop-count
By default, GTSM is disabled.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Configure GTSM for the specified BGP peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } ttl-security hops hop-count
By default, GTSM is disabled.
Enabling keychain authentication for BGP peers
About this task
Keychain authentication enhances the security of BGP in the following ways:
· BGP peers can establish TCP connections only when they use the same key for keychain authentication.
· The keys used by the BGP peers at the same time must have the same ID.
· The keys with the same ID must use the same authentication algorithm and key string.
For more information about keychains, see keychain configuration in Security Configuration Guide.
Restrictions and guidelines
Follow these restrictions and guidelines when you configure the algorithm and key ID in keychain authentication:
· BGP supports the HMAC-MD5, MD5, HMAC-SHA-256, HMAC-SM3, and SM3 algorithms. To configure an algorithm, execute the authentication-algorithm command.
· BGP supports key IDs in the range of 0 to 63. To configure a key ID, execute the key command.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable keychain authentication for a BGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } keychain keychain-name
By default, keychain authentication is disabled.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable keychain authentication for a BGP peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } keychain keychain-name
By default, keychain authentication is disabled.
Configuring IPsec for IPv6 BGP
About this task
Perform this task to configure IPsec for IPv6 BGP. IPsec can provide privacy, integrity, and authentication for IPv6 BGP packets exchanged between BGP peers.
When two IPv6 BGP peers are configured with IPsec (for example, Device A and Device B), Device A encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully receives and de-encapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A and learns IPv6 BGP routes from Device A. If Device B receives but fails to de-encapsulate the packet, or receives a packet not protected by IPsec, it discards the packet.
Procedure
1. Enter system view.
system-view
2. Configure an IPsec transform set and a manual IPsec profile.
See Security Configuration Guide.
3. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
4. Apply the IPsec profile to an IPv6 BGP peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } ipsec-profile profile-name
By default, no IPsec profile is configured for any IPv6 BGP peer or peer group.
This command supports only IPsec profiles in manual mode.
Configuring BGP RPKI
About BGP RPKI
The AS_PATH attribute identifies the ASs through which a route has passed, and the AS that originated the route is the origin AS of the route. If the origin AS number of a route is incorrect, traffic transmission failure or even network collapse might occur.
To avoid this problem, you can configure the BGP Resource Public Key Infrastructure (RPKI) feature. It enables BGP to validate the origin AS of a route and determine whether to use and advertise the route based on the validation state.
Configuring RPKI connection parameters
About this task
A router establishes a TCP connection with an RPKI server to obtain the Route Origin Authorization (ROA) information used for RPKI validation. The router checks the connection to the RPKI server at the specified interval. If the router does not receive a response from the RPKI server within the specified time period, it tears down the connection to the RPKI server.
When the connection between a router and an RPKI server goes down (except when the shutdown command is executed), the router takes the following actions:
· Attempts to reconnect to the server.
· Places the ROA information obtained from the server in aging state, and starts the aging timer for the ROA information.
If the router reconnects to the server before the aging timer expires, it releases the ROA information from the aging state. If the router fails to reconnect to the server when the aging timer expires, it deletes the ROA information obtained from the server.
Restrictions and guidelines
Follow these restrictions and guidelines when you configure RPKI connection parameters:
· As a best practice, set an ROA information aging time longer than the time to wait for the response from the RPKI server.
· To tear down the connection to an RPKI server, execute the undo port command in RPKI server view.
· If you execute the undo rpki command, all configurations in RPKI view are removed.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable BGP RPKI and enter BGP RPKI view.
rpki
4. Specify an RPKI server by its IP address and enter RPKI server view.
server [ vpn-instance vpn-instance-name ] tcp { ipv4-address | ipv6-address }
By default, no RPKI server is specified.
5. Specify the port number of the RPKI server.
port port-number
By default, the port number of the RPKI server is not specified.
To enable a router to establish a TCP connection with the RPKI server, you must configure the port number of the RPKI server on the router.
6. (Optional.) Specify the MD5 authentication password.
passwords { cipher | simple } string
By default, the RPKI server does not perform MD5 authentication.
The MD5 authentication password must be the same as the authentication password configured on the RPKI server.
MD5 authentication ensures the validity of the RPKI server and the security of BGP RPKI packets.
7. (Optional.) Set the RPKI connection check interval.
refresh-time refresh-time
By default, the RPKI connection check interval is 600 seconds.
8. (Optional.) Set the time to wait for the response from the RPKI server.
response-time response-time
By default, the time to wait for the response from the RPKI server is 30 seconds.
9. (Optional.) Set the aging time for the ROA information.
purge-time purge-time
By default, the aging time for the ROA information is 60 seconds.
Enabling BGP RPKI validation
About this task
After you configure this feature, BGP validates the prefix and origin AS number of a received route and places the route to one of the following validation states:
· Not-found—No ROA matches the prefix.
· Valid—One or multiple ROAs match both the prefix and origin AS number.
· Invalid—One or multiple ROAs match the prefix, but none of the ROAs matches the origin AS number.
Restrictions and guidelines
If you configure this feature, BGP uses the local RPKI validation states. If you do not configure this feature, BGP uses the validation states in the received BGP routes.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP RPKI view.
rpki
4. Enable BGP RPKI validation.
check-origin-validation
By default, BGP RPKI validation is disabled.
Applying the BGP RPKI validation state to optimal route selection
About this task
If multiple routes to the same destination are available, BGP first discards routes with unreachable next hops, and then selects the optimal route according to the following rules:
· Routes with a BGP RPKI validation state of Valid takes precedence over routes with a validation state of Not-found or Invalid.
· Routes with a BGP RPKI validation state of Not-found takes precedence over routes with a validation state of Invalid.
· Routes without a BGP RPKI validation state have the same priority as routes with a BGP RPKI validation state of Not-found.
· For routes that have the same BGP RPKI validation state, BGP selects the optimal route according to the rules in "BGP route selection."
You can configure a routing policy to filter routes based on the BGP RPKI validation state. For more information about routing policies, see "Configuring routing policies."
Procedure (IPv4 unicast)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
3. Apply the BGP RPKI validation state to optimal route selection.
bestroute origin-as-validation [ allow-invalid ]
By default, BGP ignores the BGP RPKI validation state during optimal route selection.
To allow routes with a validation state of Invalid to participate in optimal route selection, you must specify the allow-invalid keyword.
Procedure (IPv6 unicast)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
3. Apply the BGP RPKI validation state to optimal route selection.
bestroute origin-as-validation [ allow-invalid ]
By default, BGP ignores the BGP RPKI validation state during optimal route selection.
To allow routes with a validation state of Invalid to participate in optimal route selection, you must specify the allow-invalid keyword.
Advertising BGP RPKI validation state to a peer or peer group
Restrictions and guidelines
BGP advertises the BGP RPKI validation state to a peer or peer group through the extended community attribute. To enable this feature, you must first enable BGP to advertise the extended community attribute to the peer or peer group and make sure RPKI settings are correct.
In the current software version, BGP can advertise the BGP RPKI validation state only to IBGP peers and peer groups.
Procedure (IPv4 unicast)
1. Enter system view.
system-view
2. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
3. Advertise the extended community attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-ext-community
By default, BGP does not advertise the extended community attribute.
4. Advertise the BGP RPKI validation state to the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise origin-as-validation
By default, BGP does not advertise the BGP RPKI validation state.
Procedure (IPv6 unicast)
1. Enter system view.
system-view
2. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
¡ Enter BGP IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
address-family ipv6 [ unicast ]
¡ Enter BGP-VPN IPv6 unicast address family view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
address-family ipv6 [ unicast ]
3. Advertise the extended community attribute to a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise-ext-community
By default, BGP does not advertise the extended community attribute.
4. Advertise the BGP RPKI validation state to the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise origin-as-validation
By default, BGP does not advertise the BGP RPKI validation state.
Resetting BGP RPKI sessions
Execute the command in user view.
reset bgp [ instance instance-name ] rpki server [ vpn-instance vpn-instance-name ] tcp { ipv4 address | ipv6 address }
Display and maintenance commands for BGP security features
Execute display commands in any view.
Displaying BGP (IPv4 unicast address family)
|
Task |
Command |
|
Display information about connections to RPKI servers. |
display bgp [ instance instance-name ] rpki server [ [ vpn-instance vpn-instance-name ] ipv4-address ] |
|
Display the ROA information obtained from RPKI servers. |
display bgp [ instance instance-name ] rpki table ipv4 [ ipv4-address min min-length max max-length ] |
Displaying BGP (IPv6 unicast address family)
|
Task |
Command |
|
Display information about connections to RPKI servers. |
display bgp [ instance instance-name ] rpki server [ [ vpn-instance vpn-instance-name ] ipv6-address ] |
|
Display the ROA information obtained from RPKI servers. |
display bgp [ instance instance-name ] rpki table ipv6 [ ipv6-address min min-length max max-length |
IPv4 BGP security feature configuration examples
Example: Configuring BGP RPKI
Network configuration
As shown in Figure 30, all routers run BGP. Establish a TCP connection between Router A and the RPKI server, and establish an IBGP connection between Router A and Router B.
Configure Router A to advertise the BGP RPKI validation state to Router B, and configure a routing policy to filter routes based on the validation state for Router B.
Procedure
1. Configure IP addresses for interfaces and establish an IBGP connection between Router A and Router B. (Details not shown.)
2. Configure Router A to establish a TCP connection to the RPKI server.
<RouterA> system-view
[RouterA] bgp 100
[RouterA-bgp-default] rpki
[RouterA-bgp-default-rpki] server tcp 1.1.1.2
[RouterA-bgp-default-rpki-server] port 1234
[RouterA-bgp-default-rpki-server] quit
3. Enable BGP RPKI validation on Router A.
[RouterA-bgp-default-rpki] check-origin-validation
[RouterA-bgp-default-rpki] quit
4. Apply the BGP RPKI validation state to optimal route selection.
[RouterA-bgp-default] address-family ipv4
[RouterA-bgp-default-ipv4] bestroute origin-as-validation
5. Configure Router A to advertise the BGP RPKI validation state to peer 1.2.3.2.
[RouterA-bgp-default-ipv4] peer 1.2.3.2 advertise-ext-community
[RouterA-bgp-default-ipv4] peer 1.2.3.2 advertise origin-as-validation
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
6. Configure Router B to permit routes with a BGP RPKI validation state of Valid.
# Configure a routing policy.
<RouterB> system-view
[RouterB] route-policy rpki_policy permit node 0
[RouterB-route-policy-rpki_policy-0] if-match rpki valid
[RouterB-route-policy-rpki_policy-0] quit
# Apply the routing policy.
[RouterB] bgp 100
[RouterB-bgp-default] address-family ipv4
[RouterB-bgp-default-ipv4] peer 1.2.3.1 route-policy rpki_policy import
Verifying the configuration
# Display information about the connection between Router A and the RPKI server.
[RouterA] display bgp rpki server
Server VPN-index Port State Time ROAs(IPv4/IPv6)
1.1.1.2 0 1234 Establish 00:04:43 5/4
The output shows that Router A has established a TCP connection to the RPKI server.
# Display the ROA information on Router A.
[RouterA] display bgp rpki table ipv4
Total number of entries: 5
Status codes: S - stale, U - used
Network Mask-range Origin-AS Server Status
1.2.3.4 8-24 100 1.1.1.2 U
2.2.3.6 8-32 100 1.1.1.2 U
2.2.3.6 10-24 4294967295 1.1.1.2 U
2.2.3.9 20-24 4294967295 1.1.1.2 U
3.2.3.5 8-26 200 1.1.1.2 U
The output shows that Router A has obtained the ROA information from the RPKI server.
# Display the BGP RPKI validation state on Router A.
[RouterA] display bgp routing-table ipv4 1.2.3.0
BGP local router ID: 2.2.2.2
Local AS number: 100
Paths: 1 available, 1 best
BGP routing table information of 1.2.3.0/24:
Imported route.
Original nexthop: 0.0.0.0
Out interface : HundredGigE1/0/1
Route age : 01h28m30s
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
Org-validation : Valid
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, pref-val 32768
State : valid, local, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
The route to 1.2.3.0 matches the ROA with a prefix of 1.2.3.4, a mask length range of 8 to 24, and an origin AS number of 100. Therefore, the BGP RPKI validation state of the route to 1.2.3.0 is Valid.
# On Router B, display detailed information about the BGP IPv4 unicast route to 1.2.3.0.
[RouterB] display bgp routing-table ipv4 1.2.3.0
RR-client route.
From : 1.2.3.1 (192.168.56.22)
Rely nexthop : 1.2.3.1
Original nexthop: 1.2.3.1
Out interface : HundredGigE1/0/1
Route age : 01h28m33s
OutLabel : NULL
Ext-Community : <Origin Valid State: Valid >
RxPathID : 0x0
TxPathID : 0x0
Org-validation : Valid
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
The output displays information about the BGP IPv4 unicast route to 1.2.3.0 because Router B permits routes with a BGP RPKI validation state of Valid.
IPv6 BGP security feature configuration examples
Example: Configuring IPsec for IPv6 BGP packets
Network configuration
As shown in Figure 31, all routers run IPv6 BGP. Establish an IBGP connection between Router A and Router B, and establish an EBGP connection between Router B and Router C.
To enhance security, configure IPsec to protect IPv6 BGP packets.
Procedure
1. Configure IPv6 addresses for interfaces. (Details not shown.)
2. Establish an IBGP connection between Router A and Router B:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 65008
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] group ibgp internal
[RouterA-bgp-default] peer 1::2 group ibgp
[RouterA-bgp-default] address-family ipv6 unicast
[RouterA-bgp-default-ipv6] peer ibgp enable
[RouterA-bgp-default-ipv6] quit
[RouterA-bgp-default] quit
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 65008
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] group ibgp internal
[RouterB-bgp-default] peer 1::1 group ibgp
[RouterB-bgp-default] address-family ipv6 unicast
[RouterB-bgp-default-ipv6] peer ibgp enable
[RouterB-bgp-default-ipv6] quit
3. Establish an EBGP connection between Router B and Router C:
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 65009
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] group ebgp external
[RouterC-bgp-default] peer 3::1 as-number 65008
[RouterC-bgp-default] peer 3::1 group ebgp
[RouterC-bgp-default] address-family ipv6 unicast
[RouterC-bgp-default-ipv6] peer ebgp enable
[RouterC-bgp-default-ipv6] quit
[RouterC-bgp-default] quit
# Configure Router B.
[RouterB-bgp-default] group ebgp external
[RouterB-bgp-default] peer 3::2 as-number 65009
[RouterB-bgp-default] peer 3::2 group ebgp
[RouterB-bgp-default] address-family ipv6 unicast
[RouterB-bgp-default-ipv6] peer ebgp enable
[RouterB-bgp-default-ipv6] quit
[RouterB-bgp-default] quit
4. Configure IPsec transform sets and IPsec profiles:
# On Router A, create an IPsec transform set named tran1.
[RouterA] ipsec transform-set tran1
# Set the encapsulation mode to transport mode.
[RouterA-ipsec-transform-set-tran1] encapsulation-mode transport
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-transform-set-tran1] quit
# Create an IPsec profile named policy001, and specify the manual mode for it.
[RouterA] ipsec profile policy001 manual
# Use IPsec transform set tran1.
[RouterA-ipsec-profile-policy001-manual] transform-set tran1
# Set the SPIs of the inbound and outbound SAs to 12345.
[RouterA-ipsec-profile-policy001-manual] sa spi outbound esp 12345
[RouterA-ipsec-profile-policy001-manual] sa spi inbound esp 12345
# Set the keys for the inbound and outbound SAs using ESP to abcdefg.
[RouterA-ipsec-profile-policy001-manual] sa string-key outbound esp simple abcdefg
[RouterA-ipsec-profile-policy001-manual] sa string-key inbound esp simple abcdefg
[RouterA-ipsec-profile-policy001-manual] quit
# On Router B, create an IPsec transform set named tran1.
[RouterB] ipsec transform-set tran1
# Set the encapsulation mode to transport mode.
[RouterB-ipsec-transform-set-tran1] encapsulation-mode transport
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des
[RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-tran1] quit
# Create IPsec profile named policy001, and specify the manual mode for it.
[RouterB] ipsec profile policy001 manual
# Use IPsec transform set tran1.
[RouterB-ipsec-profile-policy001-manual] transform-set tran1
# Set the SPIs of the inbound and outbound SAs to 12345.
[RouterB-ipsec-profile-policy001-manual] sa spi outbound esp 12345
[RouterB-ipsec-profile-policy001-manual] sa spi inbound esp 12345
# Set the keys for the inbound and outbound SAs using ESP to abcdefg.
[RouterB-ipsec-profile-policy001-manual] sa string-key outbound esp simple abcdefg
[RouterB-ipsec-profile-policy001-manual] sa string-key inbound esp simple abcdefg
[RouterB-ipsec-profile-policy001-manual] quit
# Create an IPsec transform set named tran2.
[RouterB] ipsec transform-set tran2
# Set the encapsulation mode to transport mode.
[RouterB-ipsec-transform-set-tran2] encapsulation-mode transport
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
[RouterB-ipsec-transform-set-tran2] esp encryption-algorithm des
[RouterB-ipsec-transform-set-tran2] esp authentication-algorithm sha1
[RouterB-ipsec-transform-set-tran2] quit
# Create IPsec profile named policy002, and specify the manual mode for it.
[RouterB] ipsec profile policy002 manual
# Use IPsec transform set tran2.
[RouterB-ipsec-profile-policy002-manual] transform-set tran2
# Set the SPIs of the inbound and outbound SAs to 54321.
[RouterB-ipsec-profile-policy002-manual] sa spi outbound esp 54321
[RouterB-ipsec-profile-policy002-manual] sa spi inbound esp 54321
# Set the keys for the inbound and outbound SAs using ESP to gfedcba.
[RouterB-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba
[RouterB-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba
[RouterB-ipsec-profile-policy002-manual] quit
# On Router C, create an IPsec transform set named tran2.
[RouterC] ipsec transform-set tran2
# Set the encapsulation mode to transport mode.
[RouterC-ipsec-transform-set-tran2] encapsulation-mode transport
# Set the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
[RouterC-ipsec-transform-set-tran2] esp encryption-algorithm des
[RouterC-ipsec-transform-set-tran2] esp authentication-algorithm sha1
[RouterC-ipsec-transform-set-tran2] quit
# Create IPsec profile named policy002, and specify the manual mode for it.
[RouterC] ipsec profile policy002 manual
# Use IPsec transform set tran2.
[RouterC-ipsec-profile-policy002-manual] transform-set tran2
# Set the SPIs of the inbound and outbound SAs to 54321.
[RouterC-ipsec-profile-policy002-manual] sa spi outbound esp 54321
[RouterC-ipsec-profile-policy002-manual] sa spi inbound esp 54321
# Set the keys for the inbound and outbound SAs using ESP to gfedcba.
[RouterC-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba
[RouterC-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba
[RouterC-ipsec-profile-policy002-manual] quit
5. Configure IPsec to protect IPv6 BGP packets between Router A and Router B:
# Configure Router A.
[RouterA] bgp 65008
[RouterA-bgp-default] peer 1::2 ipsec-profile policy001
[RouterA-bgp-default] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp-default] peer 1::1 ipsec-profile policy001
[RouterB-bgp-default] quit
6. Configure IPsec to protect IPv6 BGP packets between Router B and Router C:
# Configure Router C.
[RouterC] bgp 65009
[RouterC-bgp-default] peer ebgp ipsec-profile policy002
[RouterC-bgp-default] quit
# Configure Router B.
[RouterB] bgp 65008
[RouterB-bgp-default] peer ebgp ipsec-profile policy002
[RouterB-bgp-default] quit
Verifying the configuration
# Display detailed information about IPv6 BGP peers on Router B.
[RouterB] display bgp peer ipv6 verbose
Peer: 1::1 Local: 2.2.2.2
Type: IBGP link
BGP version 4, remote router ID 1.1.1.1
Update group ID: 0
BGP current state: Established, Up for 00h05m54s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
Port: Local - 24896 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time: 60 sec
Peer optional capabilities:
Peer supports BGP multi-protocol extension
Peer supports BGP route refresh capability
Peer supports BGP route AS4 capability
Address family IPv6 Unicast: advertised and received
InQ updates: 0, OutQ updates: 0
NLRI statistics:
Rcvd: UnReach NLRI 0, Reach NLRI 0
Sent: UnReach NLRI 0, Reach NLRI 3
Message statistics:
Msg type Last rcvd time/ Current rcvd count/ History rcvd count/
Last sent time Current sent count History sent count
Open 18:59:15-2013.4.24 1 1
18:59:15-2013.4.24 1 2
Update - 0 0
18:59:16-2013.4.24 1 1
Notification - 0 0
18:59:15-2013.4.24 0 1
Keepalive 18:59:15-2013.4.24 1 1
18:59:15-2013.4.24 1 1
RouteRefresh - 0 0
- 0 0
Total - 2 2
- 3 5
Maximum allowed prefix number: 4294967295
Threshold: 75%
Authentication type configured: None
Minimum time between advertisements is 15 seconds
Optional capabilities:
Multi-protocol extended capability has been enabled
Route refresh capability has been enabled
Peer preferred value: 0
IPsec profile name: policy001
Site-of-Origin: Not specified
Routing policy configured:
No routing policy is configured
Peer: 3::2 Local: 2.2.2.2
Type: EBGP link
BGP version 4, remote router ID 3.3.3.3
Update group ID: 0
BGP current state: Established, Up for 00h05m00s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
Port: Local - 24897 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time: 60 sec
Peer optional capabilities:
Peer supports BGP multi-protocol extension
Peer supports BGP route refresh capability
Peer supports BGP route AS4 capability
Address family IPv6 Unicast: advertised and received
InQ updates: 0, OutQ updates: 0
NLRI statistics:
Rcvd: UnReach NLRI 0, Reach NLRI 0
Sent: UnReach NLRI 0, Reach NLRI 3
Message statistics:
Msg type Last rcvd time/ Current rcvd count/ History rcvd count/
Last sent time Current sent count History sent count
Open 18:59:15-2013.4.24 1 1
18:59:15-2013.4.24 1 2
Update - 0 0
18:59:16-2013.4.24 1 1
Notification - 0 0
18:59:15-2013.4.24 0 1
Keepalive 18:59:15-2013.4.24 1 1
18:59:15-2013.4.24 1 1
RouteRefresh - 0 0
- 0 0
Total - 2 2
- 3 5
Maximum allowed prefix number: 4294967295
Threshold: 75%
Authentication type configured: None
Minimum time between advertisements is 30 seconds
Optional capabilities:
Multi-protocol extended capability has been enabled
Route refresh capability has been enabled
Peer preferred value: 0
IPsec profile name: policy002
Site-of-Origin: Not specified
Routing policy configured:
No routing policy is configured
The output shows that IBGP and EBGP peers are established and both sent and received IPv6 BGP packets are encapsulated by IPsec.
Example: Configuring BGP RPKI
Network configuration
As shown in Figure 32, all routers run IPv6 BGP. Establish a TCP connection between Router A and the RPKI server, and establish an IBGP connection between Router A and Router B.
Configure Router A to advertise the BGP RPKI validation state to Router B, and configure a routing policy to filter routes based on the validation state for Router B.
Procedure
1. Configure IPv6 addresses for interfaces and establish an IBGP connection between Router A and Router B. (Details not shown.)
2. Configure Router A to establish a TCP connection to the RPKI server.
<RouterA> system-view
[RouterA] bgp 100
[RouterA-bgp-default] rpki
[RouterA-bgp-default-rpki] server tcp 1::2
[RouterA-bgp-default-rpki-server] port 1234
[RouterA-bgp-default-rpki-server] quit
3. Enable BGP RPKI validation on Router A.
[RouterA-bgp-default-rpki] check-origin-validation
[RouterA-bgp-default-rpki] quit
4. Apply the BGP RPKI validation state to optimal route selection.
[RouterA-bgp-default] address-family ipv6
[RouterA-bgp-default-ipv6] bestroute origin-as-validation
5. Configure Router A to advertise the BGP RPKI validation state to peer 2001::2.
[RouterA-bgp-default-ipv6] peer 2001::2 advertise-ext-community
[RouterA-bgp-default-ipv6] peer 2001::2 advertise origin-as-validation
[RouterA-bgp-default-ipv6] quit
[RouterA-bgp-default] quit
6. Configure Router B to permit routes with a BGP RPKI validation state of Valid:
# Configure a routing policy.
<RouterB> system-view
[RouterB] route-policy rpki_policy permit node 0
[RouterB-route-policy-rpki_policy-0] if-match rpki valid
# Apply the routing policy.
<RouterB> system-view
[RouterB] bgp 100
[RouterB-bgp-default] address-family ipv6
[RouterB-bgp-default-ipv6] peer 2001::1 route-policy rpki_policy import
Verifying the configuration
# Display information about the connection between Router A and the RPKI server.
[RouterA] display bgp rpki server
Server VPN-index Port State Time ROAs(IPv4/IPv6)
1::2 0 1234 Establish 00:04:43 5/5
The output shows that Router A has established a TCP connection to the RPKI server.
# Display the ROA information on Router A.
[RouterA] display bgp rpki table ipv6
Total number of entries: 5
Status codes: S - stale, U - used
Network Mask-range Origin-AS Server Status
2001:4860:: 32-32 100 1::2 U
2404:6800:: 32-32 100 1::2 U
2607:F8B0:: 28-28 4294967295 1::2 U
2A03:ACE0:: 40-40 4294967295 1::2 U
2001::1 64-64 200 1::2 U
The output shows that Router A has obtained the ROA information from the RPKI server.
# Display the BGP RPKI validation state on Router A.
[RouterA] display bgp routing-table ipv6 2001::1 64
BGP local router ID: 2.2.2.2
Local AS number: 100
Paths: 1 available, 1 best
BGP routing table information of 2001::1/64:
Imported route.
Original nexthop: 0.0.0.0
Out interface : HundredGigE1/0/1
Route age : 01h13m20s
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
Org-validation : Valid
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, pref-val 32768
State : valid, local, best
IP precedence : N/A
QoS local ID : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
The route to 2001::1 matches the ROA with a prefix of 2001::1, a prefix length range of 64 to 64, and an origin AS number of 200. Therefore, the BGP RPKI validation state of the route to 2001::1 is Valid.
# On Router B, display detailed information about the BGP IPv6 unicast route to 2001::1.
[RouterB] display bgp routing-table ipv6 2001::1 64
RR-client route.
From : 2001::1 64 (192.168.56.22)
Rely nexthop : 2001::1
Original nexthop: 2001::1
Out interface : HundredGigE1/0/1
Route age : 01h13m22s
OutLabel : NULL
Ext-Community : <Origin Valid State: Valid >
RxPathID : 0x0
TxPathID : 0x0
Org-validation : Invalid
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Tunnel policy : NULL
Rely tunnel IDs : N/A
The output displays information about the BGP IPv6 unicast route to 2001::1 because Router B permits routes with a BGP RPKI validation state of Valid.
Improving BGP network reliability
BGP network reliability improvement tasks at a glance
To improve the BGP network reliability, perform the following tasks:
Configuring BGP GR
About this task
Graceful Restart (GR) ensures forwarding continuous when a routing protocol restarts or an active/standby switchover occurs. Two routers are required to complete a GR process. The following are router roles in a GR process:
· GR restarter—Performs GR upon a BGP restart or active/standby switchover.
· GR helper—Helps the GR restarter to complete the GR process.
A device can act as a GR restarter and GR helper at the same time.
BGP GR works as follows:
1. The BGP GR restarter and helper exchange OPEN messages for GR capability negotiation. If both parties have the GR capability, they establish a GR-capable session. The GR restarter sends the GR timer set by the graceful-restart timer restart command to the GR helper in an OPEN message.
2. When an active/standby switchover occurs or BGP restarts, the GR restarter does not remove existing BGP routes from Routing Information Base (RIB) and Forwarding Information Base (FIB). It still uses these routes for packet forwarding, and it starts the RIB purge timer (set by the graceful-restart timer purge-time command). The GR helper marks all routes learned from the GR restarter as stale instead of deleting them. It continues to use these routes for packet forwarding. During the GR process, packet forwarding is not interrupted.
3. After the active/standby switchover or BGP restart completes, the GR restarter re-establishes a BGP session to the GR helper. If the BGP session fails to be established after both the GR timer and the extra timer to wait expire, the GR helper removes the stale routes. To set the extra timer to wait after the restart timer expires, execute the peer graceful-restart timer restart extra command.
4. If the BGP session is established, routing information is exchanged for the GR restarter to retrieve route entries and for the GR helper to recover stale routes.
5. Both the GR restarter and the GR helper start the End-Of-RIB marker waiting timer.
The End-Of-RIB marker waiting time is set by the graceful-restart timer wait-for-rib command. If routing information exchange is not completed within the time, the GR restarter does not receive new routes. The GR restarter updates the RIB with the BGP routes already learned, and removes the aged routes from the RIB. The GR helper removes the stale routes.
6. The GR restarter quits the GR process if routing information exchange is not completed within the RIB purge timer. It updates the RIB with the BGP routes already learned, and removes the aged routes.
When the TCP connection goes down, the hold timer expires, or the address families that support route exchange changes, BGP tears down and then re-establishes the peer sessions, which will cause traffic interruption. To avoid traffic interruption in these cases, enable BGP to reset peer sessions gracefully.
After BGP completes GR, it advertises updated routes as follows:
· If the routes rely on other protocols, for example, redistributed OSPF routes and routes with MPLS labels, BGP starts a wait timer for these protocols to complete GR. This ensures that incorrect and unreachable routes are not advertised. If the protocols fail to complete GR and notify BGP before the wait timer expires, BGP immediately advertises the routes to ensure normal BGP operation.
· If the routes do not rely on other protocols, BGP immediately advertises the routes.
Restrictions and guidelines
The End-Of-RIB indicates the end of route updates.
The maximum time to wait for the End-of-RIB marker configured on the local end is not advertised to the peer. It controls the time for the local end to receive updates from the peer.
As a best practice, perform the BGP GR configuration on both the GR restarter and GR helper.
When the following conditions exist, BGP might advertise incomplete routes after completing GR:
· The routes rely on other protocols, for example, redistributed OSPF routes.
· BGP maintains a large amount of routing information. In this case, BGP and the protocols take a long time to complete GR.
For BGP to correctly advertise the routes after BGP and the protocols complete GR, set a larger wait timer for BGP.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable GR capability for BGP.
graceful-restart
By default, GR capability is disabled for BGP.
4. (Optional.) Configure the GR timer.
graceful-restart timer restart timer
The default setting is 150 seconds.
The time that a peer waits to re-establish a session must be less than the hold time.
5. (Optional.) Set the extra time to wait after the restart timer expires.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } graceful-restart timer restart extra { time | no-limit }
By default, the extra time to wait after the restart timer expires is 0 seconds.
6. (Optional.) Configure the maximum time to wait for the End-of-RIB marker.
graceful-restart timer wait-for-rib timer
The default setting is 180 seconds.
7. (Optional.) Configure the RIB purge timer.
graceful-restart timer purge-time timer
The default setting is 480 seconds.
8. (Optional.) Configure the time that BGP must wait for other protocols to complete GR after BGP completes GR.
bgp update-delay wait-other-protocol seconds
By default, after BGP completes GR, it must wait a maximum of 300 seconds for other protocols to complete GR.
9. (Optional.) Enable BGP to reset peer sessions gracefully.
graceful-restart peer-reset [ all ]
By default, BGP does not reset peer sessions gracefully.
Configuring BGP NSR
About this task
To use BGP nonstop routing (NSR), the system must have a minimum of two MPUs. NSR ensures nonstop services when BGP has redundant processes on multiple MPUs.
In contrast to GR, NSR does not require a neighbor device to recover routing information.
BGP NSR backs up BGP state and data information from the active BGP process to the standby BGP process. The standby BGP process takes over when any of the following events occurs:
· The active BGP process restarts.
· The MPU that runs the active BGP process fails.
· An ISSU starts on the MPU that runs the active BGP process.
After BGP completes NSR, it advertises updated routes as follows:
· If the routes rely on other protocols, for example, redistributed OSPF routes and routes with MPLS labels, BGP starts a wait timer for these protocols to complete NSR. This ensures that incorrect and unreachable routes are not advertised. If the protocols fail to complete NSR and notify BGP before the wait timer expires, BGP immediately advertises the routes to ensure normal BGP operation.
· If the routes do not rely on other protocols, BGP immediately advertises the routes.
Restrictions and guidelines
When both GR and NSR are configured for BGP, NSR has a higher priority than GR. The device will not act as the GR restarter. If the device acts as a GR helper, it cannot help the restarter to complete GR.
To use BGP NSR in MPLS L3VPN, you must enable RIB NSR. For information about RIB NSR, see "Configuring basic IP routing."
When the following conditions exist, BGP might advertise incomplete routes after completing NSR:
· The routes rely on other protocols, for example, redistributed OSPF routes.
· BGP maintains a large amount of routing information. In this case, BGP and the protocols take a long time to complete NSR.
To ensure BGP advertises the routes after BGP and the protocols complete NSR, set a larger wait timer for BGP.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable BGP NSR.
non-stop-routing
By default, BGP NSR is disabled.
4. (Optional.) Configure the time that BGP must wait for other protocols to complete NSR after BGP completes NSR.
bgp update-delay wait-other-protocol seconds
By default, after BGP completes NSR, it must wait a maximum of 300 seconds for other protocols to complete NSR.
Configuring BFD for BGP
About this task
BGP maintains neighbor relationships based on the keepalive timer and hold timer in seconds. It requires that the hold time must be at least three times the keepalive interval. This mechanism slows down link failure detection. Once a failure occurs on a high-speed link, a large quantity of packets will be dropped before routing convergence completes. BFD for BGP can solve this problem by fast detecting link failures to reduce convergence time.
Before you enable BFD for a BGP peer or peer group, you must establish a BGP session between the local router and the peer or peer group.
For more information about BFD, see High Availability Configuration Guide.
Restrictions and guidelines
If you have enabled GR, use BFD with caution because BFD might detect a failure before the system performs GR, which will result in GR failure. If you have enabled both BFD and GR for BGP, do not disable BFD during a GR process to avoid GR failure.
When you configure BFD parameters for a BGP peer or peer group, follow these restrictions and guidelines:
· When you add a peer to a peer group, the peer will inherit the BFD parameters of the peer group.
· When you configure BFD parameters for a peer group, the configuration takes effect on all peers in the peer group.
· If you configure a BFD parameter multiple times for a peer or peer group, the most recent configuration takes effect.
Procedure (IPv4 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BFD to detect the link to the specified BGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } bfd [ echo | multi-hop | single-hop ]
By default, BFD is disabled.
4. (Optional.) Configure BFD parameters for the specified BGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } bfd parameters { detect-multiplier detect-multiplier | min-receive-interval min-receive-interval | min-transmit-interval min-transmit-interval } *
By default, no BFD parameters are configured for a BGP peer or peer group.
Procedure (IPv6 peers)
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enable BFD to detect the link to the specified IPv6 BGP peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } bfd [ echo | multi-hop | single-hop ]
By default, BFD is disabled.
4. (Optional.) Configure BFD parameters for the specified BGP peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } bfd parameters { detect-multiplier detect-multiplier | min-receive-interval min-receive-interval | min-transmit-interval min-transmit-interval } *
By default, no BFD parameters are configured for a BGP peer or peer group.
Configuring BGP FRR
About BGP FRR
When a link fails, the packets on the link are discarded, and a routing loop might occur until BGP completes routing convergence based on the new network topology.
You can enable BGP fast reroute (FRR) to resolve this issue.
Figure 33 Network diagram for BGP FRR
After you configure FRR on Router B as shown in Figure 33, BGP generates a backup next hop Router C for the primary route. BGP uses ARP (for IPv4), BFD echo packet mode (for IPv4), or ND (for IPv6) to detect the connectivity to Router D. When the link to Router D fails, BGP directs packets to the backup next hop. At the same time, BGP calculates a new optimal route, and forwards packets over the optimal route.
You can use the following methods to configure BGP FRR:
· Method 1—Execute the pic command in BGP address family view. BGP calculates a backup next hop for each BGP route in the address family if there are two or more unequal-cost routes that reach the destination.
· Method 2—Execute the fast-reroute route-policy command to use a routing policy in which a backup next hop is specified by using the command apply [ ipv6 ] fast-reroute backup-nexthop. The backup next hop calculated by BGP must be the same as the specified backup next hop. Otherwise, BGP does not generate a backup next hop for the primary route. You can also configure if-match clauses in the routing policy to identify the routes protected by FRR.
If both methods are configured, Method 2 takes precedence over Method 1.
BGP supports FRR for IPv4 and IPv6 unicast routes, but not for IPv4 and IPv6 multicast routes.
Configuring BGP FRR by using a routing policy (IPv4 unicast address family)
1. Enter system view.
system-view
2. Configure the source address of echo packets.
bfd echo-source-ip ipv4-address
By default, no source address is specified for echo packets.
This step is required when BFD echo packet mode is used to detect the connectivity to the next hop of the primary route.
Specify a source IP address that does not belong to any local network.
For more information about this command, see BFD commands in High Availability Command Reference.
3. Create a routing policy and enter routing policy view.
route-policy route-policy-name permit node node-number
For more information about this command, see routing policy commands in Layer 3—IP Routing Command Reference.
4. Set the backup next hop for FRR.
apply fast-reroute backup-nexthop ipv4-address
By default, no backup next hop is set.
For more information about this command, see routing policy commands in Layer 3—IP Routing Command Reference.
5. Return to system view.
quit
6. Enter BGP instance view.
bgp as-number [ instance instance-name ]
7. (Optional.) Use BFD to detect the connectivity to the next hop of the primary route.
primary-path-detect bfd { ctrl | echo }
By default, ARP is used to detect the connectivity to the next hop.
8. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
¡ Enter BGP IPv4 unicast address family view.
address-family ipv4 [ unicast ]
¡ Enter BGP-VPN IPv4 unicast address family view.
ip vpn-instance vpn-instance-name
address-family ipv4 [ unicast ]
9. Apply a routing policy to FRR for the address family.
fast-reroute route-policy route-policy-name
By default, no routing policy is applied.
The apply fast-reroute backup-nexthop and apply ipv6 fast-reroute backup-nexthop commands can take effect in the applied routing policy. Other apply commands do not take effect.
Configuring BGP FRR by using a routing policy (IPv6 unicast address family)
1. Enter system view.
system-view
2. Create a routing policy and enter routing policy view.
route-policy route-policy-name permit node node-number
For more information about this command, see routing policy commands in Layer 3—IP Routing Command Reference.
3. Set the backup next hop for FRR.
apply ipv6 fast-reroute backup-nexthop ipv6-address
By default, no backup next hop is set.
For more information about this command, see routing policy commands in Layer 3—IP Routing Command Reference.
4. Return to system view.
quit
5. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
6. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
7. Apply a routing policy to FRR for the address family.
fast-reroute route-policy route-policy-name
By default, no routing policy is applied.
The apply fast-reroute backup-nexthop and apply ipv6 fast-reroute backup-nexthop commands can take effect in the applied routing policy. Other apply commands do not take effect.
Configuring BGP FRR through PIC (IPv4 unicast address family)
Restrictions and guidelines
This feature might result in routing loops. Use it with caution.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
address-family ipv4 [ unicast ]
4. Enable BGP FRR through PIC.
pic
By default, BGP FRR is disabled.
Configuring BGP FRR through PIC (IPv6 unicast address family)
Restrictions and guidelines
This feature might result in routing loops. Use it with caution.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
3. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Enable BGP FRR through PIC.
pic
By default, BGP FRR is disabled.
Display and maintenance commands for BGP network reliability improvement
Execute display commands in any view.
Displaying BGP (IPv4 unicast address family)
|
Task |
Command |
|
Display BGP NSR status information. |
display bgp [ instance instance-name ] non-stop-routing status |
Displaying BGP (IPv6 unicast address family)
|
Task |
Command |
|
Display BGP NSR status information. |
display bgp [ instance instance-name ] non-stop-routing status |
Displaying BGP (IPv4 multicast address family)
|
Task |
Command |
|
Display BGP NSR status information. |
display bgp [ instance instance-name ] non-stop-routing status |
Displaying BGP (IPv6 multicast address family)
|
Task |
Command |
|
Display BGP NSR status information. |
display bgp [ instance instance-name ] non-stop-routing status |
IPv4 BGP network reliability improvement configuration examples
Example: Configuring BGP GR
Network configuration
As shown in Figure 34, run EBGP between Router A and Router B, and run IBGP between Router B and Router C.
Configure BGP GR so that the communication between Router A and Router C is not affected when an active/standby switchover occurs on Router B.
Procedure
1. Configure Router A:
# Configure IP addresses for interfaces. (Details not shown.)
# Configure the EBGP connection.
<RouterA> system-view
[RouterA] bgp 65008
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 200.1.1.1 as-number 65009
# Enable GR capability for BGP.
[RouterA-bgp-default] graceful-restart
# Inject network 8.0.0.0/8 to the IPv4 BGP routing table.
[RouterA-bgp-default] address-family ipv4
[RouterA-bgp-default-ipv4] network 8.0.0.0
# Enable Router A to exchange IPv4 unicast routing information with Router B.
[RouterA-bgp-default-ipv4] peer 200.1.1.1 enable
2. Configure Router B:
# Configure IP addresses for interfaces. (Details not shown.)
# Configure the EBGP connection.
<RouterB> system-view
[RouterB] bgp 65009
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 200.1.1.2 as-number 65008
# Configure the IBGP connection.
[RouterB-bgp-default] peer 9.1.1.2 as-number 65009
# Enable GR capability for BGP.
[RouterB-bgp-default] graceful-restart
# Inject networks 200.1.1.0/24 and 9.1.1.0/24 to the IPv4 BGP routing table.
[RouterB-bgp-default] address-family ipv4
[RouterB-bgp-default-ipv4] network 200.1.1.0 24
[RouterB-bgp-default-ipv4] network 9.1.1.0 24
# Enable Router B to exchange IPv4 unicast routing information with Router A and Router C.
[RouterB-bgp-default-ipv4] peer 200.1.1.2 enable
[RouterB-bgp-default-ipv4] peer 9.1.1.2 enable
3. Configure Router C:
# Configure IP addresses for interfaces. (Details not shown.)
# Configure the IBGP connection.
<RouterC> system-view
[RouterC] bgp 65009
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 9.1.1.1 as-number 65009
# Enable GR capability for BGP.
[RouterC-bgp-default] graceful-restart
# Enable Router C to exchange IPv4 unicast routing information with Router B.
[RouterC-bgp-default] address-family ipv4
[RouterC-bgp-default-ipv4] peer 9.1.1.1 enable
Verifying the configuration
Ping Router C on Router A. Meanwhile, perform an active/standby switchover on Router B. The ping operation is successful during the whole switchover process. (Details not shown.)
Example: Configuring BFD for BGP
Network configuration
As shown in Figure 35, configure OSPF as the IGP in AS 200.
· Establish two IBGP connections between Router A and Router C. When both paths operate correctly, Router C uses the path Router A<—>Router B<—>Router C to communicate with network 1.1.1.0/24.
· Configure BFD over the path. When the path fails, BFD can quickly detect the failure and notify it to BGP. Then, the path Router A<—>Router D<—>Router C takes effect immediately.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure OSPF so that Router A and Router C can reach each other. (Details not shown.)
3. Configure BGP on Router A:
# Establish two IBGP connections to Router C.
<RouterA> system-view
[RouterA] bgp 200
[RouterA-bgp-default] peer 3.0.2.2 as-number 200
[RouterA-bgp-default] peer 2.0.2.2 as-number 200
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 3.0.2.2 enable
[RouterA-bgp-default-ipv4] peer 2.0.2.2 enable
[RouterA-bgp-default-ipv4] quit
# Create IPv4 basic ACL 2000 to permit 1.1.1.0/24 to pass.
[RouterA] acl basic 2000
[RouterA-acl-ipv4-basic-2000] rule permit source 1.1.1.0 0.0.0.255
[RouterA-acl-ipv4-basic-2000] quit
# Create two routing policies to set the MED for route 1.1.1.0/24. The policy apply_med_50 sets the MED to 50, and the policy apply_med_100 sets the MED to 100.
[RouterA] route-policy apply_med_50 permit node 10
[RouterA-route-policy-apply_med_50-10] if-match ip address acl 2000
[RouterA-route-policy-apply_med_50-10] apply cost 50
[RouterA-route-policy-apply_med_50-10] quit
[RouterA] route-policy apply_med_100 permit node 10
[RouterA-route-policy-apply_med_100-10] if-match ip address acl 2000
[RouterA-route-policy-apply_med_100-10] apply cost 100
[RouterA-route-policy-apply_med_100-10] quit
# Apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing policy apply_med_100 to routes outgoing to peer 2.0.2.2.
[RouterA] bgp 200
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 3.0.2.2 route-policy apply_med_50 export
[RouterA-bgp-default-ipv4] peer 2.0.2.2 route-policy apply_med_100 export
[RouterA-bgp-default-ipv4] quit
# Enable BFD for peer 3.0.2.2.
[RouterA-bgp-default] peer 3.0.2.2 bfd
[RouterA-bgp-default] quit
4. Configure BGP on Router C:
# Establish two IBGP connections to Router A.
<RouterC> system-view
[RouterC] bgp 200
[RouterC-bgp-default] peer 3.0.1.1 as-number 200
[RouterC-bgp-default] peer 2.0.1.1 as-number 200
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 3.0.1.1 enable
[RouterC-bgp-default-ipv4] peer 2.0.1.1 enable
[RouterC-bgp-default-ipv4] quit
# Enable BFD for peer 3.0.1.1.
[RouterC-bgp-default] peer 3.0.1.1 bfd
[RouterC-bgp-default] quit
[RouterC] quit
Verifying the configuration
# Display detailed BFD session information on Router C.
<RouterC> display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control packet mode:
Local discr: 513 Remote discr: 513
Source IP: 3.0.2.2 Destination IP: 3.0.1.1
Destination port: 4784 Session state: Up
Interface: N/A
Min Tx interval: 500ms Actual Tx Interval: 500ms
Min Rx interval: 500ms Detection time: 2500ms
Rx count: 135 Tx count: 135
Connect type: Indirect Up duration: 00:00:20
Hold time: 2457ms Auth mode: None
Detection mode: Async Slot: 0
Protocol: BGP
Version:1
Diag info: No Diagnostic
Hardware mode: Disable
The output shows that a BFD session has been established between Router A and Router C.
# Display BGP peer information on Router C.
<RouterC> display bgp peer ipv4
BGP local router ID: 3.3.3.3
Local AS number: 200
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.0.1.1 200 4 5 0 0 00:01:55 Established
3.0.1.1 200 4 5 0 0 00:01:52 Established
The output shows that Router C has established two BGP connections with Router A, and both connections are in Established state.
# Display route 1.1.1.0/24 on Router C.
<RouterC> display ip routing-table 1.1.1.0 24 verbose
Summary count : 1
Destination: 1.1.1.0/24
Protocol: BGP
Process ID: 0
SubProtID: 0x1 Age: 00h00m09s
FlushedAge: 12h24m47s
Cost: 50 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x1 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NibID: 0x15000001 LastAs: 0
AttrID: 0x1 Neighbor: 3.0.1.1
Flags: 0x10060 OrigNextHop: 3.0.1.1
Label: NULL RealNextHop: 3.0.2.1
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: HundredGigE1/0/1
BkSRLabel: NULL BkInterface: N/A
Tunnel ID: Invalid IPInterface: N/A
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
The output shows that Router C communicates with network 1.1.1.0/24 through the path Router C<—>Router B<—>Router A.
# Break down the link Router C<—>Router B<—>Router A and then display route 1.1.1.0/24 on Router C.
<RouterC> display ip routing-table 1.1.1.0 24 verbose
Summary count : 1
Destination: 1.1.1.0/24
Protocol: BGP
Process ID: 0
SubProtID: 0x1 Age: 00h03m08s
FlushedAge: 12h26m45s
Cost: 100 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x1 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 0
NibID: 0x15000000 LastAs: 0
AttrID: 0x0 Neighbor: 2.0.1.1
Flags: 0x10060 OrigNextHop: 2.0.1.1
Label: NULL RealNextHop: 2.0.2.1
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: HundredGigE1/0/2
BkSRLabel: NULL BkInterface: N/A
Tunnel ID: Invalid IPInterface: N/A
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
The output shows that Router C communicates with network 1.1.1.0/24 through the path Router C<—>Router D<—>Router A.
Example: Configuring BGP FRR
Network configuration
As shown in Figure 36, configure BGP FRR so that when Link B fails, BGP uses Link A to forward traffic.
Procedure
1. Configure IP addresses for interfaces. (Details not shown.)
2. Configure OSPF in AS 200 to ensure connectivity among Router B, Router C, and Router D. (Details not shown.)
3. Configure BGP connections:
# Configure Router A to establish EBGP sessions to Router B and Router C, and advertise network 1.1.1.1/32.
<RouterA> system-view
[RouterA] bgp 100
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 10.1.1.2 as-number 200
[RouterA-bgp-default] peer 30.1.1.3 as-number 200
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] peer 10.1.1.2 enable
[RouterA-bgp-default-ipv4] peer 30.1.1.3 enable
[RouterA-bgp-default-ipv4] network 1.1.1.1 32
# Configure Router B to establish an EBGP session to Router A, and an IBGP session to Router D.
<RouterB> system-view
[RouterB] bgp 200
[RouterB-bgp-default] router-id 2.2.2.2
[RouterB-bgp-default] peer 10.1.1.1 as-number 100
[RouterB-bgp-default] peer 4.4.4.4 as-number 200
[RouterB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[RouterB-bgp-default] address-family ipv4 unicast
[RouterB-bgp-default-ipv4] peer 10.1.1.1 enable
[RouterB-bgp-default-ipv4] peer 4.4.4.4 enable
[RouterB-bgp-default-ipv4] peer 4.4.4.4 next-hop-local
[RouterB-bgp-default-ipv4] quit
[RouterB-bgp-default] quit
# Configure Router C to establish an EBGP session to Router A, and an IBGP session to Router D.
<RouterC> system-view
[RouterC] bgp 200
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 30.1.1.1 as-number 100
[RouterC-bgp-default] peer 4.4.4.4 as-number 200
[RouterC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[RouterC-bgp-default] address-family ipv4 unicast
[RouterC-bgp-default-ipv4] peer 30.1.1.1 enable
[RouterC-bgp-default-ipv4] peer 4.4.4.4 enable
[RouterC-bgp-default-ipv4] peer 4.4.4.4 next-hop-local
[RouterC-bgp-default-ipv4] quit
[RouterC-bgp-default] quit
# Configure Router D to establish IBGP sessions to Router B and Router C, and advertise network 4.4.4.4/32.
<RouterD> system-view
[RouterD] bgp 200
[RouterD-bgp-default] router-id 4.4.4.4
[RouterD-bgp-default] peer 2.2.2.2 as-number 200
[RouterD-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[RouterD-bgp-default] peer 3.3.3.3 as-number 200
[RouterD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[RouterD-bgp-default] address-family ipv4 unicast
[RouterD-bgp-default-ipv4] peer 2.2.2.2 enable
[RouterD-bgp-default-ipv4] peer 3.3.3.3 enable
[RouterD-bgp-default-ipv4] network 4.4.4.4 32
4. Configure preferred values so Link B is used to forward traffic between Router A and Router D:
# Configure Router A to set the preferred value to 100 for routes received from Router B.
[RouterA-bgp-default-ipv4] peer 10.1.1.2 preferred-value 100
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# Configure Router D to set the preferred value to 100 for routes received from Router B.
[RouterD-bgp-default-ipv4] peer 2.2.2.2 preferred-value 100
[RouterD-bgp-default-ipv4] quit
[RouterD-bgp-default] quit
5. Configure BGP FRR:
# On Router A, configure the source address of BFD echo packets as 11.1.1.1.
[RouterA] bfd echo-source-ip 11.1.1.1
# Create routing policy frr to set a backup next hop 30.1.1.3 (Router C) for the route destined for 4.4.4.4/32.
[RouterA] ip prefix-list abc index 10 permit 4.4.4.4 32
[RouterA] route-policy frr permit node 10
[RouterA-route-policy] if-match ip address prefix-list abc
[RouterA-route-policy] apply fast-reroute backup-nexthop 30.1.1.3
[RouterA-route-policy] quit
# Use BFD echo packet mode to detect the connectivity to Router D.
[RouterA] bgp 100
[RouterA-bgp-default] primary-path-detect bfd echo
# Apply the routing policy to BGP FRR for BGP IPv4 unicast address family.
[RouterA-bgp-default] address-family ipv4 unicast
[RouterA-bgp-default-ipv4] fast-reroute route-policy frr
[RouterA-bgp-default-ipv4] quit
[RouterA-bgp-default] quit
# On Router D, set the source address of BFD echo packets to 44.1.1.1.
[RouterD] bfd echo-source-ip 44.1.1.1
# Create routing policy frr to set a backup next hop 3.3.3.3 (Router C) for the route destined for 1.1.1.1/32.
[RouterD] ip prefix-list abc index 10 permit 1.1.1.1 32
[RouterD] route-policy frr permit node 10
[RouterD-route-policy] if-match ip address prefix-list abc
[RouterD-route-policy] apply fast-reroute backup-nexthop 3.3.3.3
[RouterD-route-policy] quit
# Use BFD echo packet mode to detect the connectivity to Router A.
[RouterD] bgp 200
[RouterD-bgp-default] primary-path-detect bfd echo
# Apply the routing policy to BGP FRR for BGP IPv4 unicast address family.
[RouterD-bgp-default] address-family ipv4 unicast
[RouterD-bgp-default-ipv4] fast-reroute route-policy frr
[RouterD-bgp-default-ipv4] quit
[RouterD-bgp-default] quit
Verifying the configuration
# Display detailed information about the route to 4.4.4.4/32 on Router A. The output shows the backup next hop for the route.
[RouterA] display ip routing-table 4.4.4.4 32 verbose
Summary count : 1
Destination: 4.4.4.4/32
Protocol: BGP Process ID: 0
SubProtID: 0x2 Age: 00h01m52s
FlushedAge: 13h26m47s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 200
NibID: 0x15000003 LastAs: 200
AttrID: 0x5 Neighbor: 10.1.1.2
Flags: 0x10060 OrigNextHop: 10.1.1.2
Label: NULL RealNextHop: 10.1.1.2
BkLabel: NULL BkNextHop: 30.1.1.3
SRLabel: NULL Interface: HundredGigE1/0/1
BkSRLabel: NULL BkInterface: HundredGigE1/0/2
Tunnel ID: Invalid IPInterface: InLoopBack0
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
# Display detailed information about the route to 1.1.1.1/32 on Router D. The output shows the backup next hop for the route.
[RouterD] display ip routing-table 1.1.1.1 32 verbose
Summary count : 1
Destination: 1.1.1.1/32
Protocol: BGP Process ID: 0
SubProtID: 0x1 Age: 00h00m36s
FlushedAge: 13h28m49s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0x2 OrigAs: 100
NibID: 0x15000003 LastAs: 100
AttrID: 0x1 Neighbor: 2.2.2.2
Flags: 0x10060 OrigNextHop: 2.2.2.2
Label: NULL RealNextHop: 20.1.1.2
BkLabel: NULL BkNextHop: 40.1.1.3
SRLabel: NULL Interface: HundredGigE1/0/1
BkSRLabel: NULL BkInterface: HundredGigE1/0/2
Tunnel ID: Invalid IPInterface: InLoopBack0
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
IPv6 BGP network reliability improvement configuration examples
Example: Configuring BFD for IPv6 BGP
Network configuration
As shown in Figure 37, configure OSPFv3 as the IGP in AS 200.
· Establish two IBGP connections between Router A and Router C. When both paths operate correctly, Router C uses the path Router A<—>Router B<—>Router C to exchange packets with network 1200::0/64.
· Configure BFD over the path. When the path fails, BFD can quickly detect the failure and notify it to IPv6 BGP. Then, the path Router A<—>Router D<—>Router C takes effect immediately.
Procedure
1. Configure IPv6 addresses for interfaces. (Details not shown.)
2. Configure OSPFv3 so that Router A and Router C can reach each other. (Details not shown.)
3. Configure IPv6 BGP on Router A:
# Establish two IBGP connections to Router C.
<RouterA> system-view
[RouterA] bgp 200
[RouterA-bgp-default] router-id 1.1.1.1
[RouterA-bgp-default] peer 2002::2 as-number 200
[RouterA-bgp-default] peer 3002::2 as-number 200
[RouterA-bgp-default] address-family ipv6
[RouterA-bgp-default-ipv6] peer 2002::2 enable
[RouterA-bgp-default-ipv6] peer 3002::2 enable
[RouterA-bgp-default-ipv6] quit
# Create IPv6 basic ACL 2000 to permit 1200::0/64 to pass.
[RouterA] acl ipv6 basic 2000
[RouterA-acl-ipv6-basic-2000] rule permit source 1200:: 64
[RouterA-acl-ipv6-basic-2000] quit
# Create two routing policies to set the MED for route 1200::0/64. The policy apply_med_50 sets the MED to 50, and the policy apply_med_100 sets the MED to 100.
[RouterA] route-policy apply_med_50 permit node 10
[RouterA-route-policy-apply_med_50-10] if-match ipv6 address acl 2000
[RouterA-route-policy-apply_med_50-10] apply cost 50
[RouterA-route-policy-apply_med_50-10] quit
[RouterA] route-policy apply_med_100 permit node 10
[RouterA-route-policy-apply_med_100-10] if-match ipv6 address acl 2000
[RouterA-route-policy-apply_med_100-10] apply cost 100
[RouterA-route-policy-apply_med_100-10] quit
# Apply routing policy apply_med_50 to routes outgoing to peer 3002::2, and apply routing policy apply_med_100 to routes outgoing to peer 2002::2.
[RouterA] bgp 200
[RouterA-bgp-default] address-family ipv6 unicast
[RouterA-bgp-default-ipv6] peer 3002::2 route-policy apply_med_50 export
[RouterA-bgp-default-ipv6] peer 2002::2 route-policy apply_med_100 export
[RouterA-bgp-default-ipv6] quit
# Enable BFD for peer 3002::2.
[RouterA-bgp-default] peer 3002::2 bfd
[RouterA-bgp-default] quit
4. Configure IPv6 BGP on Router C:
# Establish two IBGP connections to Router A.
<RouterC> system-view
[RouterC] bgp 200
[RouterC-bgp-default] router-id 3.3.3.3
[RouterC-bgp-default] peer 3001::1 as-number 200
[RouterC-bgp-default] peer 2001::1 as-number 200
[RouterC-bgp-default] address-family ipv6
[RouterC-bgp-default-ipv6] peer 3001::1 enable
[RouterC-bgp-default-ipv6] peer 2001::1 enable
[RouterC-bgp-default-ipv6] quit
# Enable BFD for peer 3001::1.
[RouterC-bgp-default] peer 3001::1 bfd
[RouterC-bgp-default] quit
[RouterC] quit
Verifying the configuration
# Display detailed BFD session information on Router C.
<RouterC> display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv6 session working in control packet mode:
Local discr: 513 Remote discr: 513
Source IP: 3002::2 Destination IP: 3001::1
Destination port: 4784 Session state: Up
Interface: N/A
Min Tx interval: 500ms Actual Tx interval: 500ms
Min Rx interval: 500ms Detection time: 2500ms
Rx count: 13 Tx count: 14
Connection type: Indirect Up duration: 00:00:05
Hold time: 2243ms Auth mode: None
Detection mode: Async Slot: 0
Protocol: BGP4+
Version: 1
Diag info: No Diagnostic
Hardware mode: Disable
The output shows that a BFD session has been established between Router A and Router C.
# Display BGP peer information on Router C.
<RouterC> display bgp peer ipv6
BGP local router ID: 3.3.3.3
Local AS number: 200
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2001::1 200 8 8 0 0 00:04:45 Established
3001::1 200 5 4 0 0 00:01:53 Established
The output shows that Router C has established two BGP connections with Router A, and both connections are in Established state.
# Display route 1200::0/64 on Router C.
<RouterC> display ipv6 routing-table 1200::0 64 verbose
Summary count : 1
Destination: 1200::/64
Protocol: BGP4+
Process ID: 0
SubProtID: 0x1 Age: 00h01m07s
FlushedAge: 14h22m43s
Cost: 50 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x1 OrigVrf: default-vrf
TableID: 0xa OrigAs: 0
NibID: 0x25000001 LastAs: 0
AttrID: 0x1 Neighbor: 3001::1
Flags: 0x10060 OrigNextHop: 3001::1
Label: NULL RealNextHop: FE80::20C:29FF:FE4A:3873
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: HundredGigE1/0/1
BkSRLabel: NULL BkInterface: N/A
Tunnel ID: Invalid IPInterface: N/A
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
The output shows that Router C communicates with network 1200::0/64 through the path Router C<—>Router B<—>Router A.
# Break down the path Router C<—>Router B<—>Router A and then display route 1200::0/64 on Router C.
<RouterC> display ipv6 routing-table 1200::0 64 verbose
Summary count : 1
Destination: 1200::/64
Protocol: BGP4+
Process ID: 0
SubProtID: 0x1 Age: 00h00m57s
FlushedAge: 14h26m44s
Cost: 100 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x1 OrigVrf: default-vrf
TableID: 0xa OrigAs: 0
NibID: 0x25000000 LastAs: 0
AttrID: 0x0 Neighbor: 2001::1
Flags: 0x10060 OrigNextHop: 2001::1
Label: NULL RealNextHop: FE80::20C:29FF:FE40:715
BkLabel: NULL BkNextHop: N/A
SRLabel: NULL Interface: HundredGigE1/0/2
BkSRLabel: NULL BkInterface: N/A
Tunnel ID: Invalid IPInterface: N/A
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
The output shows that Router C communicates with network 1200::0/64 through the path Router C<—>Router D<—>Router A.
Example: Configuring IPv6 BGP FRR
Network configuration
As shown in Figure 38, configure BGP FRR so that when Link B fails, BGP uses Link A to forward traffic.
Procedure
1. Configure IPv6 addresses for interfaces. (Details not shown.)
2. Configure OSPFv3 in AS 200 to ensure connectivity among Router B, Router C, and Router D. (Details not shown.)
3. Configure BGP connections:
# Configure Router A to establish EBGP sessions to Router B and Router C, and advertise network 1::/64.
<RouterA> system-view
[RouterA] bgp 100
[RouterA] router-id 1.1.1.1
[RouterA-bgp-default] peer 3001::2 as-number 200
[RouterA-bgp-default] peer 2001::2 as-number 200
[RouterA-bgp-default] address-family ipv6 unicast
[RouterA-bgp-default-ipv6] peer 3001::2 enable
[RouterA-bgp-default-ipv6] peer 2001::2 enable
[RouterA-bgp-default-ipv6] network 1:: 64
[RouterA-bgp-default-ipv6] quit
[RouterA-bgp-default] quit
# Configure Router B to establish an EBGP session to Router A, and an IBGP session to Router D.
<RouterB> system-view
[RouterB] bgp 200
[RouterB] router-id 2.2.2.2
[RouterB-bgp-default] peer 3001::1 as-number 100
[RouterB-bgp-default] peer 3002::2 as-number 200
[RouterB-bgp-default] address-family ipv6 unicast
[RouterB-bgp-default-ipv6] peer 3001::1 enable
[RouterB-bgp-default-ipv6] peer 3002::2 enable
[RouterB-bgp-default-ipv6] peer 3002::2 next-hop-local
[RouterB-bgp-default-ipv6] quit
[RouterB-bgp-default] quit
# Configure Router C to establish an EBGP session to Router A, and an IBGP session to Router D.
<RouterC> system-view
[RouterC] bgp 200
[RouterC] router-id 3.3.3.3
[RouterC-bgp-default] peer 2001::1 as-number 100
[RouterC-bgp-default] peer 2002::2 as-number 200
[RouterC-bgp-default] address-family ipv6 unicast
[RouterC-bgp-default-ipv6] peer 2001::1 enable
[RouterC-bgp-default-ipv6] peer 2002::2 enable
[RouterC-bgp-default-ipv6] peer 2002::2 next-hop-local
[RouterC-bgp-default-ipv6] quit
[RouterC-bgp-default] quit
# Configure Router D to establish IBGP sessions to Router B and Router C, and advertise network 4::/64.
<RouterD> system-view
[RouterD] bgp 200
[RouterD-bgp-default] peer 3002::1 as-number 200
[RouterD-bgp-default] peer 2002::1 as-number 200
[RouterD-bgp-default] address-family ipv6 unicast
[RouterD-bgp-default-ipv6] peer 3002::1 enable
[RouterD-bgp-default-ipv6] peer 2002::1 enable
[RouterD-bgp-default-ipv6] network 4:: 64
[RouterD-bgp-default-ipv6] quit
[RouterD-bgp-default] quit
4. Configure preferred values so Link B is used to forward traffic between Router A and Router D:
# Configure Router A to set the preferred value to 100 for routes received from Router B.
[RouterA-bgp-default-ipv6] peer 3001::2 preferred-value 100
[RouterA-bgp-default-ipv6] quit
[RouterA-bgp-default] quit
# Configure Router D to set the preferred value to 100 for routes received from Router B.
[RouterD-bgp-default-ipv6] peer 3002::1 preferred-value 100
[RouterD-bgp-default-ipv6] quit
[RouterD-bgp-default] quit
5. Configure BGP FRR:
# On Router A, create routing policy frr to set a backup next hop 2001::2 (Router C) for the route destined for 4::/64.
<RouterA> system-view
[RouterA] ipv6 prefix-list abc index 10 permit 4:: 64
[RouterA] route-policy frr permit node 10
[RouterA-route-policy] if-match ipv6 address prefix-list abc
[RouterA-route-policy] apply ipv6 fast-reroute backup-nexthop 2001::2
[RouterA-route-policy] quit
# Apply the routing policy to BGP FRR for BGP IPv6 unicast address family.
[RouterA] bgp 100
[RouterA-bgp-default] address-family ipv6 unicast
[RouterA-bgp-default-ipv6] fast-reroute route-policy frr
[RouterA-bgp-default-ipv6] quit
[RouterA-bgp-default] quit
# On Router D, create routing policy frr to set a backup next hop 2002::1 (Router C) for the route destined for 1::/64.
<RouterD> system-view
[RouterD] ipv6 prefix-list abc index 10 permit 1:: 64
[RouterD] route-policy frr permit node 10
[RouterD-route-policy] if-match ipv6 address prefix-list abc
[RouterD-route-policy] apply ipv6 fast-reroute backup-nexthop 2002::1
[RouterD-route-policy] quit
# Apply the routing policy to BGP FRR for BGP IPv6 unicast address family.
[RouterD] bgp 200
[RouterD-bgp-default] address-family ipv6 unicast
[RouterD-bgp-default-ipv6] fast-reroute route-policy frr
[RouterD-bgp-default-ipv6] quit
[RouterD-bgp-default] quit
Verifying the configuration
# Display detailed information about the route to 4::/64 on Router A. The output shows the backup next hop for the route.
[RouterA] display ipv6 routing-table 4:: 64 verbose
Summary count : 1
Destination: 4::/64
Protocol: BGP4+ Process ID: 0
SubProtID: 0x2 Age: 00h00m58s
FlushedAge: 13h22m44s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0xa OrigAs: 200
NibID: 0x25000003 LastAs: 200
AttrID: 0x3 Neighbor: 3001::2
Flags: 0x10060 OrigNextHop: 3001::2
Label: NULL RealNextHop: 3001::2
BkLabel: NULL BkNextHop: 2001::2
SRLabel: NULL Interface: HundredGigE1/0/1
BkSRLabel: NULL BkInterface: HundredGigE1/0/2
Tunnel ID: Invalid IPInterface: N/A
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
# Display detailed information about the route to 1::/64 on Router D. The output shows the backup next hop for the route.
[RouterD] display ipv6 routing-table 1:: 64 verbose
Summary count : 1
Destination: 1::/64
Protocol: BGP4+ Process ID: 0
SubProtID: 0x1 Age: 00h03m24s
FlushedAge: 13h26m33s
Cost: 0 Preference: 255
IpPre: N/A QosLocalID: N/A
Tag: 0 State: Active Adv
OrigTblID: 0x0 OrigVrf: default-vrf
TableID: 0xa OrigAs: 100
NibID: 0x25000003 LastAs: 100
AttrID: 0x4 Neighbor: 3002::1
Flags: 0x10060 OrigNextHop: 3002::1
Label: NULL RealNextHop: 3002::1
BkLabel: NULL BkNextHop: 2002::1
SRLabel: NULL Interface: HundredGigE1/0/1
BkSRLabel: NULL BkInterface: HundredGigE1/0/2
Tunnel ID: Invalid IPInterface: N/A
BkTunnel ID: Invalid BkIPInterface: N/A
InLabel: NULL ColorInterface: N/A
SIDIndex: NULL BkColorInterface: N/A
FtnIndex: 0x0 TunnelInterface: N/A
TrafficIndex: N/A BkTunnelInterface: N/A
Connector: N/A PathID: 0x0
UserID: 0x0 SRTunnelID: Invalid
SID Type: N/A NID: Invalid
FlushNID: Invalid BkNID: Invalid
BkFlushNID: Invalid
Configuring extended BGP features
Extended BGP feature configuration tasks at a glance
To configure extended BGP features, perform the following tasks:
¡ (Optional.) Configuring BGP LS route reflection
¡ (Optional.) Specifying an AS number and a router ID for BGP LS messages
¡ (Optional.) Performing manual soft-reset for BGP sessions of BGP LS or BGP-VPN LS address family
¡ (Optional.) Configuring the BGP Additional Paths feature for 6PE
¡ (Optional.) Controlling path selection for 6PE
¡ (Optional.) Controlling 6PE route advertisement and reception
¡ (Optional.) Tuning and optimizing 6PE
¡ (Optional.) Configuring 6PE route reflection
¡ (Optional.) Resetting 6PE connections
Configuring BMP
About this task
The BGP monitoring protocol (BMP) enables a BGP router (BMP client) to send session status information of the specified peers to BMP servers for monitoring. The session status information includes peer relationship establishment and termination as well as routing information. The BMP client communicates with the BMP servers through TCP connections.
Procedure
1. Enter system view.
system-view
2. Create a BMP server and enter BMP server view.
bmp server server-number
3. Configure an IP address and port number for the BMP server.
server address ipv4-address port port-number
By default, no IP address and port number are configured for the BMP server.
4. Set the interval at which BGP sends statistics information to the BMP server.
statistics-interval value
By default, BGP does not send statistics information to the BMP server.
5. (Optional.) Specify a VPN instance for the BMP server.
server vpn-instance vpn-instance-name
By default, no VPN instance is specified for a BMP server. A BMP server belongs to the public network.
6. (Optional.) Specify the source interface of TCP connections to the BMP server.
server connect-interface interface-type interface-number
By default, BGP uses the primary IPv4 address of the output interface in the optimal route to the BMP server as the source address of TCP connections to the BMP server.
For a BMP server, this command does not take effect if the VPN instance of the specified interface is different from that specified by the server vpn-instance command.
7. (Optional.) Specify the authentication mode and key for the local device to establish TCP connections to the BMP server.
server password { keychain keychain-name | md5 { cipher | simple } string }
By default, the local device establishes TCP connections to the BMP server without authentication.
8. (Optional.) Enable BGP to send routes to the BMP server globally. Choose the options to configure as needed:
¡ Enable BGP to send routes advertised to all the monitored peers and peer groups to the BMP server.
route-mode adj-rib-out [ pre-policy | post-policy | both ]
By default, BGP does not send routes advertised to a monitored peer or peer group to the BMP server.
¡ Enable BGP to send routes received from all the monitored peers and peer groups to the BMP server.
route-mode adj-rib-in [ pre-policy | post-policy | both ]
By default, BGP does not send routes received from a monitored peer or peer group to the BMP server.
¡ Configure BGP to send the optimal routes in the routing table to the BMP server.
route-mode loc-rib
By default, BGP does not send the optimal routes in the routing table to the BMP server.
9. (Optional.) Send route trace information to the BMP server.
bmp-route-trace { ip-prefix-list ipv4-prefix-list-name | ipv6-prefix-list ipv6-prefix-list-name } [ rd-list rd-list-number ]
By default, the device does not send route trace information to the BMP server.
10. Return to system view.
quit
11. Enter BGP instance view or BGP-VPN instance view.
¡ Enter BGP instance view.
bgp as-number [ instance instance-name ]
¡ Enter BGP-VPN instance view.
bgp as-number [ instance instance-name ]
ip vpn-instance vpn-instance-name
12. Specify a peer or peer group to be monitored.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bmp server server-number-list
By default, no peer or peer group is specified.
13. (Optional.) Enable BGP to send routes exchanged with the specified monitored peer or peer group to the BMP server.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-mode { adj-rib-in { pre-policy | post-policy | both } | adj-rib-out { pre-policy | post-policy | both } } *
By default, BGP determines whether to send routes exchanged with a peer or peer group to the BMP server based on the following configurations:
¡ Configuration of the route-mode adj-rib-in command in BMP server view.
¡ Configuration of the route-mode adj-rib-out command in BMP server view.
Configuring BGP LS
About BGP LS
The BGP Link State (LS) feature implements inter-domain and inter-AS advertisement of link state database (LSDB) and TE database (TEDB) information.
The device sends the collected link state information to the controller, which implements end-to-end traffic management and scheduling and meets the requirements of intended applications.
Configuring basic BGP LS
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify an AS number for an LS peer or peer group.
peer { { ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } | group-name } as-number as-number
By default, no AS number is specified.
4. Create and enter BGP LS address family view or BGP-VPN LS address family view.
¡ Enter BGP LS address family view.
address-family link-state
¡ Enter BGP-VPN LS address family view.
address-family link-state vpn
5. Enable the device to exchange LS information with the peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } enable
By default, the device cannot exchange LS information with the peer or peer group.
6. (Optional.) Set the optimal route selection delay timer for BGP LS routes.
route-select delay delay-value
By default, the optimal route selection delay timer is 0 seconds, which means optimal route selection is not delayed.
7. (Optional.) Set the delay time for responding to next hop recursion result changes.
nexthop recursive-lookup [ non-critical-event ] delay [ delay-value ]
By default, BGP responds to next hop recursion result changes immediately.
Configuring BGP LS route reflection
About this task
Perform this task to configure a BGP route reflector and its clients. The route reflector and its clients automatically form a cluster identified by the router ID of the route reflector. The route reflector forwards route updates among its clients.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP LS address family view or BGP-VPN LS address family view.
¡ Enter BGP LS address family view.
address-family link-state
¡ Enter BGP-VPN LS address family view.
address-family link-state vpn
4. Configure the device as a route reflector and specify a peer or peer group as its client.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } reflect-client
By default, no route reflector or client is configured.
5. (Optional.) Enable route reflection between clients.
reflect between-clients
By default, route reflection between clients is enabled.
This command can reduce the number of IBGP connections in an AS.
6. (Optional.) Configure the cluster ID of the route reflector.
reflector cluster-id { cluster-id | ipv4-address }
By default, a route reflector uses its own router ID as the cluster ID.
Specifying an AS number and a router ID for BGP LS messages
About this task
The following issues might occur during LS information collection:
· When two devices in the same AS send the same LS information to the controller, the controller determines the information as different because the LS messages from the two devices have different router IDs. As a result, the controller cannot use the information for unified path calculation.
· After two devices in different ASs complete LS information collection, the controller must perform traffic scheduling based on the network topologies of the two ASs. Because the AS numbers in the LS information sent by the two devices are different, the controller cannot use the information for unified path calculation.
To resolve these issues, perform this task to specify an AS number and a router ID for BGP LS messages.
Restrictions and guidelines
After you configure this feature in BGP LS address family view, the feature takes effect in both the BGP LS and BGP-VPN LS address families.
Procedure
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP LS address family view.
address-family link-state
4. Specify an AS number and a router ID for BGP LS messages.
domain-distinguisher as-number:router-id
By default, the AS number and router ID of the current BGP process are used.
Performing manual soft-reset for BGP sessions of BGP LS or BGP-VPN LS address family
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enable BGP route refresh.
¡ Enable BGP route refresh for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise route-refresh
¡ Enable the BGP route refresh, multi-protocol extension, and 4-byte AS number features for a peer or peer group.
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise conventional
By default, the BGP route refresh, multi-protocol extension, and 4-byte AS number features are enabled.
4. Perform manual soft-reset for sessions of BGP LS or BGP-VPN LS address family:
a. Return to system view.
quit
b. Return to user view.
quit
c. Perform manual soft-reset for sessions of BGP LS address family.
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } link-state
d. Perform manual soft-reset for sessions of BGP-VPN LS address family.
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } link-state vpn
Configuring 6PE
About 6PE
IPv6 provider edge (6PE) is a transition technology that uses MPLS to connect sparsely populated IPv6 networks through an existing IPv4 backbone network. It is an efficient solution for ISP IPv4/MPLS networks to provide IPv6 traffic switching capability.
Figure 39 Network diagram for 6PE
6PE mainly performs the following operations:
· 6PE assigns a label to IPv6 routing information received from a CE router, and sends the labeled IPv6 routing information to the peer 6PE device through an MP-BGP session. The peer 6PE device then forwards the IPv6 routing information to the attached customer site.
· 6PE provides tunnels over the IPv4 backbone so the IPv4 backbone can forward packets for IPv6 networks. The tunnels can be GRE tunnels, MPLS LSPs, or MPLS TE tunnels.
· Upon receiving an IPv6 packet, 6PE adds an inner tag (corresponding to the IPv6 packet) and then an outer tag (corresponding to the public network tunnel) to the IPv6 packet. Devices in the IPv4 backbone network forwards the packet based on the outer tag. When the peer 6PE device receives the packet, it removes the outer and inner tags and forwards the original IPv6 packet to the attached customer site.
To implement exchange of IPv6 routing information, you can configure IPv6 static routing, an IPv6 IGP, or IPv6 BGP between CE and 6PE devices.
For more information about MPLS, MPLS TE, CE, and P, see MPLS Configuration Guide. For more information about GRE, see Layer 3—IP Services Configuration Guide.
Prerequisites
Before you configure 6PE, perform the following tasks:
· Establish tunnels in the IPv4 backbone network (see Layer 3—IP Services Configuration Guide or MPLS Configuration Guide).
· Configure basic MPLS on 6PE devices (see MPLS Configuration Guide).
· Configure BGP on 6PE devices so that they can advertise tagged IPv6 routing information through BGP sessions. The following tasks describe only BGP configurations on 6PE devices.
Configuring basic 6PE
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Specify a 6PE peer or peer group and its AS number.
peer { group-name | ipv4-address [ mask-length ] } as-number as-number
By default, no 6PE peer is specified.
4. Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
5. Enable BGP to exchange IPv6 unicast routing information with the 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } enable
By default, BGP cannot exchange IPv6 unicast routing information with a 6PE peer or peer group.
6. Enable BGP to exchange labeled IPv6 routes with the 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } label-route-capability
By default, BGP cannot exchange labeled IPv6 routes with a 6PE peer or peer group.
Configuring the BGP Additional Paths feature for 6PE
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Configure the BGP Additional Paths capabilities for a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } additional-paths { receive | send } *
By default, no BGP Additional Paths capabilities are configured for a 6PE peer or peer group.
5. Set the maximum number of Add-Path optimal routes that can be advertised to a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } advertise additional-paths best number
By default, BGP does not advertise Add-Path optimal routes to a 6PE peer or peer group.
Controlling path selection for 6PE
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Advertise COMMUNITY attribute to a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } advertise-community
By default, the COMMUNITY attribute is not advertised.
5. Advertise extended community attribute to a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } advertise-ext-community
By default, the extended community attribute is not advertised.
6. Remove private AS numbers in BGP updates sent to a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } public-as-only
By default, BGP updates sent to a 6PE peer or peer group can carry both public and private AS numbers.
7. Specify a preferred value for routes received from a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } preferred-value value
By default, the preferred value for routes received from a 6PE peer or peer group is 0.
8. Enable BGP to add the link bandwidth attribute to routes received from a 6PE peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } bandwidth
By default, BGP does not add the link bandwidth attribute to routes received from a 6PE peer or peer group.
9. Configure BGP to advertise the AIGP attribute to the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } aigp
By default, BGP does not advertise the AIGP attribute to a peer or peer group.
10. Replace the MED value with AIGP value in routes advertised to the specified peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } aigp send med
By default, BGP does not replace the MED value with AIGP value in routes advertised to a peer or peer group.
Controlling 6PE route advertisement and reception
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Advertise a default route to a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } default-route-advertise [ route-policy route-policy-name ]
By default, no default route is advertised to a 6PE peer or peer group.
5. Configure route filtering policies.
¡ Specify an AS path list to filter routes advertised to or received from a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } as-path-acl { as-path-acl-number | as-path-acl-name } { export | import }
By default, no AS path list is specified.
¡ Specify an IPv6 ACL to filter routes advertised to or received from a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } filter-policy { ipv6-acl-number | name ipv6-acl-name } { export | import }
By default, no IPv6 ACL is specified.
¡ Specify an IPv6 prefix list to filter routes advertised to or received from a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } prefix-list ipv6-prefix-list-name { export | import }
By default, no IPv6 prefix list is specified.
¡ Specify a routing policy to filter routes advertised to or received from a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } route-policy route-policy-name { export | import }
By default, no routing policy is specified.
6. Save all routes from a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } keep-all-routes
By default, routes from a 6PE peer or peer group are not saved.
7. Set the maximum number of routes that BGP can receive from a 6PE peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } route-limit prefix-number [ { alert-only | discard | reconnect reconnect-time } | percentage-value ] *
By default, the number of routes that BGP can receive from a 6PE peer or peer group is not limited.
8. Configure the SoO attribute for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] } soo site-of-origin
By default, no SoO attribute is configured for a peer or peer group.
Tuning and optimizing 6PE
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Allow the local AS number to appear in routes from a 6PE peer or peer group and specify the repeat times.
peer { group-name | ipv4-address [ mask-length ] } allow-as-loop [ number ]
By default, the local AS number is not allowed to appear in routes from a 6PE peer or peer group.
Configuring 6PE route reflection
1. Enter system view.
system-view
2. Enter BGP instance view.
bgp as-number [ instance instance-name ]
3. Enter BGP IPv6 unicast address family view.
address-family ipv6 [ unicast ]
4. Configure the device as a route reflector and a 6PE peer or peer group as a client.
peer { group-name | ipv4-address [ mask-length ] } reflect-client
By default, no route reflector or client is configured.
Resetting 6PE connections
To reset 6PE connections, execute one of the following commands in user view:
· Soft-reset a BGP 6PE connection.
refresh bgp [ instance instance-name ] ipv4-address [ mask-length ] { export | import } ipv6 [ unicast ]
· Reset a BGP 6PE connection.
reset bgp [ instance instance-name ] ipv4-address [ mask-length ] ipv6 [ unicast ]
Display and maintenance commands for extended BGP features
Displaying BGP
Execute display commands in any view.
Displaying BGP (IPv4 unicast address family)
|
Task |
Command |
|
Display BMP server information. |
display bgp [ instance instance-name ] bmp server server-number |
|
Display BGP route trace information. |
display bgp [ instance instance-name ] route-trace { ipv4-address { mask-length | mask } | ipv6-address prefix-length } [ route-distinguisher route-distinguisher ] |
Displaying BGP (IPv6 unicast address family)
|
Task |
Command |
|
Display BGP peer or peer group information. |
display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ ipv4-address mask-length | ipv4-address log-info | [ ipv4-address ] verbose ] |
|
Display BGP IPv6 unicast routing information. |
display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] peer ipv4-address { advertised-routes | received-routes } [ ipv6-address prefix-length | statistics ] |
|
Display incoming labels for BGP IPv6 unicast routes. |
display bgp routing-table ipv6 unicast inlabel |
|
Display outgoing labels for BGP IPv6 unicast routes. |
display bgp routing-table ipv6 unicast outlabel |
Displaying BGP (IPv4 multicast address family)
|
Task |
Command |
|
Display BMP server information. |
display bgp [ instance instance-name ] bmp server server-number |
Displaying BGP (LS address family)
|
Task |
Command |
|
Display BGP LS peer group information. |
display bgp [ instance instance-name ] group link-state [ vpn ] [ group-name group-name ] |
|
Display BGP LS information. |
display bgp [ instance instance-name ] link-state [ vpn [ route-distinguisher route-distinguisher ] ] [ ls-prefix [ advertise-info ] | peer { ipv4-address | ipv6-address } { advertised | received } [ statistics ] | statistics ] |
|
Display BGP LS peer or peer group information. |
display bgp [ instance instance-name ] peer link-state [ vpn ] [ ipv4-address mask-length | ipv6-address prefix-length | { ipv4-address | ipv6-address | group-name group-name } log-info | [ ipv4-address | ipv6-address ] verbose ] |
|
Display BGP LS address family update group information. |
display bgp [ instance instance-name ] update-group link-state [ vpn ] [ ipv4-address | ipv6-address ] |
Resetting BGP sessions
Execute reset commands in user view.
|
Task |
Command |
|
Reset BGP sessions for LS address family. |
reset bgp [ instance instance-name ] { as-number | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] | all | external | group group-name | internal } link-state [ vpn ] |
Clearing BGP information
Execute reset commands in user view.
|
Task |
Command |
|
Clear BMP server statistics. |
reset bgp [ instance instance-name ] bmp server server-number statistics |
Extended IPv4 BGP feature configuration examples
Example: Configuring BGP LS
Network configuration
As shown in Figure 40, all routers run BGP. Run IBGP between Router A and Router B, between Router B and Router C, and between Router B and Router D.
Configure Router B as a route reflector with client Router A to allow Router A to learn LS information advertised by Router C and Router D.
Procedure
1. Configure IP addresses for interfaces and configure OSPF on Router C and Router D. (Details not shown.)
2. Configure BGP connections:
# Configure Router A.
<RouterA> system-view
[RouterA] bgp 100
[RouterA-bgp-default] peer 192.1.1.2 as-number 100
[RouterA-bgp-default] address-family link-state
[RouterA-bgp-default-ls] peer 192.1.1.2 enable
[RouterA-bgp-default-ls] quit
[RouterA-bgp-default] quit
# Configure Router B.
<RouterB> system-view
[RouterB] bgp 100
[RouterB-bgp-default] peer 192.1.1.1 as-number 100
[RouterB-bgp-default] peer 193.1.1.1 as-number 100
[RouterB-bgp-default] peer 194.1.1.1 as-number 100
[RouterB-bgp-default] address-family link-state
[RouterB-bgp-default-ls] peer 192.1.1.1 enable
[RouterB-bgp-default-ls] peer 193.1.1.1 enable
[RouterB-bgp-default-ls] peer 194.1.1.1 enable
[RouterB-bgp-default-ls] quit
[RouterB-bgp-default] quit
# Configure Router C.
<RouterC> system-view
[RouterC] bgp 100
[RouterC-bgp-default] peer 193.1.1.2 as-number 100
[RouterC-bgp-default] address-family link-state
[RouterC-bgp-default-ls] peer 193.1.1.2 enable
[RouterC-bgp-default-ls] quit
[RouterC-bgp-default] quit
[RouterC] ospf
[RouterC-ospf-1] distribute bgp-ls
[RouterC-ospf-1] area 0
[RouterC-ospf-1-area-0.0.0.0] network 0.0.0.0 0.0.0.0
[RouterC-ospf-1-area-0.0.0.0] quit
[RouterC-ospf-1] quit
# Configure Router D.
<RouterD> system-view
[RouterD] bgp 100
[RouterD-bgp-default] peer 194.1.1.2 as-number 100
[RouterD-bgp-default] address-family link-state
[RouterD-bgp-default-ls] peer 194.1.1.2 enable
[RouterD-bgp-default-ls] quit
[RouterD-bgp-default] quit
[RouterD] ospf
[RouterD-ospf-1] distribute bgp-ls
[RouterD-ospf-1] area 0
[RouterD-ospf-1-area-0.0.0.0] network 0.0.0.0 0.0.0.0
[RouterD-ospf-1-area-0.0.0.0] quit
[RouterD-ospf-1] quit
3. Configure Router B as the route reflector.
[RouterB] bgp 100
[RouterB-bgp-default] address-family link-state
[RouterB-bgp-default-ls] peer 192.1.1.1 reflect-client
[RouterB-bgp-default-ls] quit
[RouterB-bgp-default] quit
Verifying the configuration
# Verify that Router A has learned LS information advertised by Router C and Router D.
[RouterA] display bgp link-state
Total number of routes: 4
BGP local router ID is 192.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Prefix codes: E link, V node, T4 IPv4 route, T6 IPv6 route, u/U unknown,
I Identifier, N local node, R remote node, L link, P prefix,
L1/L2 ISIS level-1/level-2, O OSPF, O3 OSPFv3,
D direct, S static, B BGP,
a area-ID, l link-ID, t topology-ID, s ISO-ID,
c confed-ID/ASN, b bgp-identifier, r router-ID,
i if-address, n peer-address, o OSPF Route-type, p IP-prefix
d designated router address/interface ID
i Network : [V][O][I0x0][N[c100][b193.1.1.1][a0.0.0.0][r193.1.1.1]]/376
NextHop : 193.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED :
Path/Ogn: i
i Network : [V][O][I0x0][N[c100][b194.1.1.1][a0.0.0.0][r194.1.1.1]]/376
NextHop : 194.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED :
Path/Ogn: i
i Network : [T4][O][I0x0][N[c100][b193.1.1.1][a0.0.0.0][r193.1.1.1]][P[o0x1][p193.1.1.0/24]]/480
NextHop : 193.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED :
Path/Ogn: i
i Network : [T4][O][I0x0][N[c100][b194.1.1.1][a0.0.0.0][r194.1.1.1]][P[o0x1][p194.1.1.0/24]]/480
NextHop : 194.1.1.1 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED :
Path/Ogn: i
Extended IPv6 BGP feature configuration examples
Example: Configuring 6PE
Network configuration
Use 6PE to connect two isolated IPv6 networks over an IPv4/MPLS network.
· The ISP uses OSPF as the IGP.
· PE 1 and PE 2 are edge devices of the ISP, and establish an IPv4 IBGP connection between them.
· CE 1 and CE 2 are edge devices of the IPv6 networks, and they connect the IPv6 networks to the ISP.
· A CE and a PE exchange IPv6 packets through IPv6 static routing.
Figure 41 Network diagram
Procedure
|
|
IMPORTANT: By default, interfaces on the device are disabled (in ADM or Administratively Down state). To have an interface operate, you must use the undo shutdown command to enable that interface. |
1. Configure IPv6 addresses and IPv4 addresses for interfaces. (Details not shown.)
2. Configure PE 1:
# Enable LDP globally, and configure the LSP generation policy.
<PE1> system-view
[PE1] mpls lsr-id 2.2.2.2
[PE1] mpls ldp
[PE1-ldp] lsp-trigger all
[PE1-ldp] quit
# Enable MPLS and LDP on HundredGigE 1/0/2.
[PE1] interface hundredgige 1/0/2
[PE1-HundredGigE1/0/2] mpls enable
[PE1-HundredGigE1/0/2] mpls ldp enable
[PE1-HundredGigE1/0/2] quit
# Configure IBGP, enable the peer's 6PE capabilities, and redistribute IPv6 direct and static routes.
[PE1] bgp 65100
[PE1-bgp-default] router-id 2.2.2.2
[PE1-bgp-default] peer 3.3.3.3 as-number 65100
[PE1-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[PE1-bgp-default] address-family ipv6
[PE1-bgp-default-ipv6] import-route direct
[PE1-bgp-default-ipv6] import-route static
[PE1-bgp-default-ipv6] peer 3.3.3.3 enable
[PE1-bgp-default-ipv6] peer 3.3.3.3 label-route-capability
[PE1-bgp-default-ipv6] quit
[PE1-bgp-default] quit
# Configure the static route to CE 1.
[PE1] ipv6 route-static 1::1 128 10::1
# Configure OSPF for the ISP.
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
3. Configure PE 2:
# Enable LDP globally, and configure the LSP generation policy.
<PE2> system-view
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls ldp
[PE2-mpls-ldp] lsp-trigger all
[PE2-mpls-ldp] quit
# Enable MPLS and LDP on HundredGigE 1/0/2.
[PE2] interface hundredgige 1/0/2
[PE2-HundredGigE1/0/2] mpls enable
[PE2-HundredGigE1/0/2] mpls ldp enable
[PE2-HundredGigE1/0/2] quit
# Configure IBGP, enable the peer's 6PE capabilities, and redistribute IPv6 direct and static routes.
[PE2] bgp 65100
[PE2-bgp-default] router-id 3.3.3.3
[PE2-bgp-default] peer 2.2.2.2 as-number 65100
[PE2-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[PE2-bgp-default] address-family ipv6
[PE2-bgp-default-ipv6] import-route direct
[PE2-bgp-default-ipv6] import-route static
[PE2-bgp-default-ipv6] peer 2.2.2.2 enable
[PE2-bgp-default-ipv6] peer 2.2.2.2 label-route-capability
[PE2-bgp-default-ipv6] quit
[PE2-bgp-default] quit
# Configure the static route to CE 2.
[PE2] ipv6 route-static 4::4 128 20::1
# Configure OSPF for the ISP.
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
4. Configure a static route, with PE 1 as the default next hop.
<CE1> system-view
[CE1] ipv6 route-static :: 0 10::2
5. Configure a static route on CE 2, with PE 2 as the default next hop.
<CE2> system-view
[CE2] ipv6 route-static :: 0 20::2
Verifying the configuration
# Display the IPv6 BGP routing tables on PE 1 and PE 2. The output shows that each of them has two IPv6 network routes. The following shows the output on PE 1:
[PE1] display bgp routing-table ipv6
Total number of routes: 5
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
* > Network : 1::1 PrefixLen : 128
NextHop : 10::1 LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* >i Network : 4::4 PrefixLen : 128
NextHop : ::FFFF:3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
* > Network : 10:: PrefixLen : 64
NextHop : :: LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* > Network : 10::2 PrefixLen : 128
NextHop : ::1 LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* >i Network : 20:: PrefixLen : 64
NextHop : ::FFFF:3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : 1278
MED : 0
Path/Ogn: ?
# Verify that CE 1 can ping the IPv6 address 4::4 (loopback interface address) of CE 2. (Details not shown.)
