Border Gateway Protocol (BGP)

Border Gateway Protocol (BGP) exchanges routing information among neighboring routers in different Autonomous Systems (AS). Arista switches use BGP version 4+, incorporating the multiprotocol extensions defined by RFC 4760 so that BGP can carry both IPv4 and IPv6 routes simultaneously over a single BGP peering.

Arista switches support these BGP functions:
  • A single BGP instance.
  • Simultaneous internal (iBGP) and external (eBGP) peering.
  • Multiprotocol BGP, including IPv4-mapped IPv6 address next hops for IPv6 labeled-unicast routes.
  • BGP Confederations.
  • BGP Selective Route Download.
  • BGP Route Reflection.

BGP Conceptual Overview

BGP is a protocol that exchanges routing information among neighboring routers in different autonomous systems through TCP sessions.

BGP neighbors (peers) communicate through a TCP session on port 179. They are established by manual configuration commands (static peers) or by creating a peer group listen range and accepting incoming peering requests in that range (dynamic peers). Internal BGP (iBGP) peers operate within a single Autonomous System (AS). External BGP (eBGP) peers operate between autonomous systems. Border routers are on AS boundaries and exchange information with other autonomous systems; the primary function of border routers is distributing routes. Internal routers do not distribute route updates that they receive.

BGP defines a state machine for establishing connections. BGP routers maintain a state variable for each peer-to-peer session to track connection status. The state machine consists of these states:
  • Idle: the router initializes BGP resources, refuses inbound BGP connection attempts, initiates a TCP connection to the peer, then transitions to the Connect state.

  • Connect: the router waits for the TCP connection to complete, then sends an OPEN message to the peer and transitions to the OpenSent state if successful. If unsuccessful, it sets the ConnectRetry timer and transitions to the Active state upon expiry.

  • Active: the router sets the ConnectRetry timer to zero and returns to the Connect state.

  • OpenSent: the router waits for an OPEN message from the peer. After receiving a valid message, it transitions to the OpenConfirm state.

  • OpenConfirm: the router waits for a keepalive message from its peer. If the message is received prior to a timeout expiry, the router transitions to the Established state. If the timeout expires or an error condition exists, the router transitions to the Idle state.

  • Established: peers exchange UPDATE messages about routes they advertise. If an UPDATE message contains an error, the router sends a NOTIFICATION message and transitions to the Idle state.

During established BGP sessions, routers exchange UPDATE messages about the destinations to which they offer connectivity. The route description includes the destination prefix, prefix length, autonomous systems in the path, the next hop, and information that affects the acceptance policy of the receiving router. UPDATE messages also list destinations to which the router no longer offers connectivity.

BGP detects and eliminates routing loops while making routing policy decisions by using the network topology as defined by AS paths and path attributes.

Multiprotocol BGP

Multiprotocol BGP facilitates the advertisement of network routes and switch capabilities to neighbors from multiple address families over a single BGP peering. The switch supports IPv4 unicast and IPv6 unicast address families.

Neighbors negotiate to select an address family when establishing a connection. The peer session is based on this address family, which identifies the following:
  • the set of network layer protocols to which the address carried in the Next Hop field must belong.
  • the encoding format of the next-hop address.
  • the semantics of Network Layer Reachability Information (NLRI).

BGP Confederations

BGP confederations divide an Autonomous System (AS) into subsystems (sub-ASs), each identified by a unique sub-AS number, while still appearing externally as a single AS.

QoS Control of Neighbor Discovery and ARP Packets

To help prevent BGP sessions from being affected by dropped neighbor discovery and ARP packets, some Arista switches assign those packets to a higher priority output queue when they are being software forwarded. This helps minimize hardware drops from competition with data plane packets traffic congestion.

Best-path Selection

Routing information received via the BGP protocol often contains more than one route to the same destination: the BGP best-path selection algorithm determines which of these routes will be installed in the routing table. Criteria are evaluated in order; at each step, if there is a tie for best path, the next criterion is applied. If there is still a tie at the end of the process, BGP installs the route received from the peer with the lowest address. When Equal Cost Multi-Path (ECMP) routing is enabled, multiple paths to a single destination may be installed in the IP routing table.

Route preferences can be shaped through configuration choices as described in Configuring Best-path Selection.

BGP Convergence

BGP supports convergence where it waits for all peers to join and receive all the routes from other peers.

Before declaring convergence, BGP also waits for IGP protocols to converge so that all IBGP sessions are established, and routes that were learned over IBGP sessions, are resolved via the IGP routes. BGP declares convergence when it has received route updates from all its peers and End-Of-RIB (EOR) markers from all the expected peers and IGP protocols have converged. Using BGP convergence, you can avoid hardware updates or route advertisement churn during a switch reload or a BGP instance start.

BGP Communities

A BGP community is a group of subnet address prefixes that share a common identifying attribute. Communities simplify routing policies by consolidating IP network spaces into logical entities that BGP speakers can address to accept, prefer, and distribute routing information. BGP communities are defined by setting the community value within route maps. Community lists then reference one or more communities as follows:
  • Standard community lists refer to communities by name or number.
  • Expanded community lists reference communities using regular expressions.

BGP Graceful Shutdown Community

Autonomous System Boundary Routers (ASBRs) do not update all paths received from external BGP sessions and routers. They hide inefficient alternate paths and update only best paths in the routing table. BGP route policies are applied to all internal BGP sessions of ASBRs that support the graceful shutdown procedure.

As a part of maintenance mode, these route policies perform the following functionalities on routing advertisements:
  • Match the graceful shutdown community with route map rules.
  • Set the local preference attribute value of the paths that are tagged with the graceful shutdown community as 0.

Refer to Maintenance Mode for detailed information on maintenance mode.

BGP Labeled-Unicast (LU) path Nexthop resolution over Tunnel RIB Entries

BGP Labeled-Unicast Protocol (BGP LU) path next-hop is enhanced to allow BGP in ribd mode to support resolution of BGP LU path next-hop over entries in the Tunnel RIB and fall-back to resolving over connected route when there is no entry in Tunnel RIB that provides a direct match for the BGP LU path next-hop. Previously, BGP in “ribd” mode allowed resolution of BGP Labeled-Unicast Protocol (BGP LU) path next-hop over only connected routes, resolution of the next-hop over IGP or static routes was not allowed since the next-hop router may not be in the MPLS forwarding path in which case the traffic will get dropped by the next-hop router (per IGP).

The following two use cases explain how BGP LU path next-hop resolution over tunnels would help in achieving desired or efficient traffic forwarding.

Egress Peer Engineering (EPE)

Egress Peer Engineering is a source-routing paradigm that provides ability to select an egress node/interface through which traffic goes out of an Autonomous System (AS). As shown in Figure 1 below R1, R2, ASBR1 & ASBR2 are in AS 1 and E1, E2, E3 & E4 are in different Ases. R1, R2, ASBR1 & ASBR2 could be connected each other directly or reachable to each other over an IGP (OSPF/ISIS) or MPLS tunnel. Let’s assume reachability of loop-back addresses 1.1.1.1, 2.2.2.2, 3.3.3.3 & 4.4.4.4 through LDP or Segment Routing (SR). There exists an iBGP Full Mesh between R1, R2, ASBR1 & ASBR2. eBGP session is present between ASBR1 & E1, ASBR1 & E2, ASBR2 & E3 and ASBR2 & E4. Consider following BGP updates are received on ASBR1:

Prefix 50.0.0.0/8 next-hop 10.0.0.2 as-path 2 100 from E1.

Prefix 50.0.0.0/8 next-hop 11.0.0.2 as-path 3 200 300 from E2.

BGP path from E1 will be selected as best path due to shorter AS path length. ASBR1 advertises this prefix to both R1 & R2. Any traffic destined to prefix 50.0.0.0/8 from R1 will always be tunneled to ASBR1 and then it will always be sent on an interface connected to E1. Traditional Destination based routing enforced by BGP policy and best path selection on the ASBRs may route traffic to a single AS as exit when a case can be made that for some prefixes an exit via some other AS may be preferable. BGP LU can be used here to perform traffic engineering or selecting Egress peer through which traffic should be forwarded.

A Centralized EPE Controller can be used to establish iBGP session with R1 and R2. Let’s assume Controller advertises BGP LU routes for E2, i.e., 11.0.0.2/32, with next-hop set to loop-back IP address of ASBR1, that is, 1.1.1.1 and a label 111 to R1 & R2.

switch# show ip bgp 11.0.0.2/32
BGP routing table information for VRF default
Router identifier 3.3.3.3, local AS number 1
BGP routing table entry for 11.0.0.2/32
Paths: 1 available
 Local
   1.1.1.1 labels [111] from 100.100.100.1 (100.100.100.1)
     Origin IGP, metric 0, localpref 100, IGP metric 40, weight 0, received 
21:07:07 ago, valid, external, not installed
     Rx SAFI: Labels
     Tunnel RIB eligible

BGP LU path next-hop will get resolved over an ISIS SR tunnel present on R1 and R2 to reach 1.1.1.1, loop-back IP address of ASBR1.

switch# show tunnel rib brief
 Endpoint   Tunnel Type  Index(es)   Metric  Metric2 Preference   Preference2
----------- ------------ ---------   ------- ------- -----------  -----------
1.1.1.1/32  IS-IS SR IPv4     5         40       0       115           0

switch#show bgp labeled-unicast tunnel
Index  Endpoint     Nexthop/Tunnel Index Interface Labels Contributing Metric
-----  --------     -------------------- --------- ------ ------------ ------
 1     11.0.0.2/32  IS-IS SR IPv4 (5)        -     [ 111 ]    Yes        0

Metric 2 Pref Pref 2
-------- ---- ------
 100     200    0

switch#show isis segment-routing tunnel
  Index       Endpoint          Nexthop            Interface        Labels
--------      ----------        -------            ---------        ----------
    5         1.1.1.1/32        6.6.6.6            Ethernet 5       [ 900001 ]

Controller or CLI can be used to install a static label route on ASBR1 such that ingress label 111 have a forwarding action of “POP and forward” to next-hop (11.0.0.2) in MPLS forwarding table.

switch# show mpls lfib route
MPLS forwarding table (Label [metric] Vias) - 20 routes
MPLS next-hop resolution allow default route: False
Via Type Codes:
         M - Mpls Via, P - Pseudowire Via,
         I - IP Lookup Via, V - Vlan Via,
         VA - EVPN Vlan Aware Via, ES - EVPN Ethernet Segment Via,
         VF - EVPN Vlan Flood Via, AF - EVPN Vlan Aware Flood Via,
         NG - Nexthop Group Via
Source Codes:
         S - Static MPLS Route, B2 - BGP L2 EVPN,
         B3 - BGP L3 VPN, R - RSVP,
         P - Pseudowire, L - LDP,
         IP - IS-IS SR Prefix Segment, IA - IS-IS SR Adjacency Segment,
         IL - IS-IS SR Segment to LDP, LI - LDP to IS-IS SR Segment,
         BL - BGP LU, ST - SR TE Policy,
         DE - Debug LFIB

S   111      [100]
               via M, 11.0.0.2, pop
                payload ipv4, apply egress-acl
                interface Ethernet 4

For prefixes to which traffic should be sent over interface connected E2 controller will advertise a BGP route with next-hop being BGP LU prefix and higher local-preference compared to paths advertised by ASBR1 and ASBR2, so that path received from controller will be preferred over paths coming from ASBR1 and ASBR2.

switch# show ip bgp 50.0.0.0/8
BGP routing table information for VRF default
Router identifier 3.3.3.3, local AS number 1
BGP routing table entry for 50.0.0.0/8
Paths: 3 available
 Local
   11.0.0.2 from 100.100.100.1 (100.100.100.1)
     Origin IGP, metric 0, localpref 200, IGP metric 0, weight 0, received 00:00:15 
ago, valid, internal, best
     Rx SAFI: Unicast
 2 100
   1.1.1.1 from 1.1.1.1 (1.1.1.1)
     Origin IGP, metric 0, localpref 100, IGP metric 0, weight 0, received 00:04:49 
ago, valid, internal
     Rx SAFI: Unicast
 2 200 300
   2.2.2.2 from 2.2.2.2 (2.2.2.2)
     Origin IGP, metric 0, localpref 100, IGP metric 0, weight 0, received 00:30:38 
ago, valid, internal
     Rx SAFI: Unicast

This results in pushing two labels on R1, top label is the label corresponding to ISIS SR tunnel to reach ASBR1 and bottom label is the label that corresponds to egress interface. Similarly LU route for12.0.0.0.2 or 13.0.0.2 can be advertised from controller to select egress peer between E3 and E4. This approach provides Egress peer selection on an ingress router R1/R2.

switch# show ip route 50.0.0.0/8
VRF: default
Codes: C - connected, S - static, K - kernel,
      O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
      E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
      N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
      R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
      O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
      NG - Nexthop Group Static Route, V - VXLAN Control Service,
      DH - DHCP client installed default route, M - Martian,
      DP - Dynamic Policy Route

B I    50.0.0.0/8 [200/0] via 11.0.0.2/32, BGP LU tunnel index 1
                             via 6.6.6.6, Ethernet 5, label 900001 111

Inter-AS Option C

Inter-AS Option C is an efficient and scalable MPLS IP VPN solution to provide connectivity between two sites of a customer connected to Provider Edge (PE) routers in different ASes. Following diagram shows a typical topology.

PE1 and ASBR1 and PE2 and ASBR2 distribute loop-back addresses using an IBGP Labeled Unicast (LU) session. ASBR2 advertises system addresses in AS200 to ASBR1 with next-hop as itself over EBGP LU session between them and installing Label swap entry of label sent to ASBR1 (L2) to label received from PE2 (L1) in MPLS forwarding table. ASBR1 further propagates system addresses in AS200 learned from ASBR2 into AS100 or to PE1 using IBGP LU session with next-hop as itself and installing Label swap entry with label advertised to PE1 (L3) to Label received from ASBR2 (L2) in MPLS forwarding table. Similarly ASBR1 sends system addresses in AS100 to ASBR2 over EBGP LU session, ASBR2 forwards them into AS200 or to PE2 using IBGP LU session with itself as next-hop and this would trigger installing appropriate label swap actions into MPLS forwarding table. These advertisements results in the creation of a label switched path from PE1 to PE2.

PE1 and PE2 exchange VPN routes between each other using a Multi hop EBGP session with next-hop being their own loop-back/system addresses. This method eliminates the requirement of storing or sending/receiving VPN routes at ASBR routers. When PE and ASBR routers are non-adjacent, but in the same AS, then LDP or ISIS-SR can be used as a transport label signaling protocol and this would need resolving BGP LU path next-hop over LDP or ISIS-SR tunnel. An IP packet destined to an address in CE1 site 2 is received on PE1 from CE1 site 1 PE1 would need to push 3 labels onto it. Bottom label corresponds to packet destination address in a particular VRF of CE1 site 2 advertised by PE2 to PE1 over Multi hop EBGP session, Middle label belongs to PE2 system address sent by ASBR1 and top label corresponding to ASBR1 system address assigned by transport label signaling protocol.

BGP Selective Route Download

BGP Selective Route Download allows the learning and advertising of BGP routes without installing them in hardware. The BGP routes are filtered before installation in hardware through the route map definition and routes that are filtered out are flagged as inactive in the Routing Information Base (RIB).

The route map used for filtering is applied only to BGP learned paths and not on locally originated routes, for example, BGP aggregate or redistributed routes. Also, because the BGP routes filtered by Selective Route Download are not active in the RIB, they are not used for recursive resolution, they are not redistributed into other protocols, and they do not contribute to BGP aggregates.

When BGP Selective Route Download is configured, the best path for peer advertisement is chosen based on the following aspects. If received BGP paths exist, then the best of them is advertised to BGP peers, else, the aggregate is preferred if configured and active. If neither BGP paths nor a BGP aggregate is available, then the RIB winner is advertised.

Note: The number of routes is limited based on the compute and memory resources available at runtime.

BGP Route Reflector

A BGP route reflector is a switch within an autonomous system that forwards route information learned from iBGP peers to other iBGP peers as an alternative to a full-mesh topology. When the switch is configured as a route reflector it can also be configured to preserve the BGP attributes of the reflected routes (next-hop, local preference, and metric) in its route advertisements regardless of outbound BGP policies.

BGP Nexthop Resolution RIBs: EVPN and IPV4/6 Labeled-Unicast Support

Adds the BGP Nexthop Resolution RIBs feature for EVPN and labeled-unicast address families.

BGP Nexthop Resolution RIBs: EVPN and IPV4/6 Labeled-Unicast Support adds support for user-configured BGP Nexthop Resolution RIB profiles for various BGP-based services such as IP unicast, L3 VPN, EVPN, etcetra. This feature allows an administrator to customize the next hop resolution semantics of BGP routes with an ordered list, or profile, of resolution RIB domains (for example, either tunnel or IP domain). This allows EOS to direct specific services over the specified RIB domains, overriding the default behavior. Further, this feature, through the use of user-defined tunnel RIBs, empowers an administrator to further select a subset of tunneling protocols for specific services.

Note: This feature is only available when running the multi-agent routing protocol model.

Support for Set Large Community List Limitations

Resolution of NLRI from (directly connected) eBGP Speakers

For IPv4 or IPv6 unicast NLRI received from eBGP, directly connected BGP sessions are resolved by only using connected routes, or system-connected, in the parlance of this feature. This feature does not change this behavior, nor will configuration of a non-default resolution profile affect this behavior.

Address Family Profile Restrictions
Certain BGP address families only support a subset of possible next-hop resolution profiles. This section documents such limitations.
Address familyRestriction
IPv4/IPv6 unicast (non 6PE)None.
IPv6 unicast 6PEOnly supports tunnel domains*.
IPv4/IPv6 unicast (eBGP directly connected)Only supports system-connected; Not configurable.
IPv4/IPv6 VPNOnly supports tunnel domains* and system-connected.
IPv4/IPv6 LUOnly supports tunnel domains* and system-connected.
EVPN (MPLS)Only supports tunnel domains* and system-connected.
EVPN (VXLAN)Only supports IP domains+.

* Tunnel domains refer to tunnel RIBs, e.g. system-colored-tunnel-rib, system-tunnel-rib, or user-defined tunnel RIBs.

+ IP domains are either of system-unicast-rib or system-connected.

BGP Logical OR of Multiple Community Lists in the Same Match Command

In the multi-agent routing protocol model, the BGP agent now supports matching community lists with a logical OR via the route map match community or-results command (same applies for extended and large communities with match extcommunity and match large-community).

Without the or-results portion of the command, the default is to compute the logical AND of all provided community lists. Before, one would need to merge existing community lists into one to do a logical OR:

Issue:
ip community-list COMMLIST1 permit 1:1
ip community-list COMMLIST2 permit 2:2

! No way to match "COMMLIST1" or "COMMLIST2" in a singe
! route-map sequence
match community COMMLIST1 COMMLIST2

Workaround:
ip community-list standard mergedCommunityList permit 1:1
ip community-list standard mergedCommunityList permit 2:2

match community mergedCommunityList

Limitations

This feature is available only when configuring BGP in the multi-agent routing protocol model.

BGP Flowspec

The EOS Release 4.21.3F introduces support for BGP Flowspec, as defined in RFC5575 and RFC7674. The typical use case is to filter or redirect DDoS traffic on edge routers.

BGP Flowspec rules are disseminated using a new BGP address family. The rules include both matching criteria used to match traffic, and actions to perform on the matching traffic. The rules are programmed into TCAM resources and applied on the ingress ports for which flowspec is enabled.

Release Updates

EOS Release 4.x enhancements:
  • Added support for BGP Flowspec applied to SVI.
  • BGP Flowspec releases TCAM banks as they are no longer needed to store matches. Previously, once TCAM banks allocated to BGP Flowspec, they never released.

EOS Release 4.22.0 Enhancements:
  • Added support for redirect over MPLS or GRE Tunnels.
  • Added support for traffic-rate action.

EOS Release 4.22.1 Enhancements:

Added support for hitless rule updates. This enhancement ensures that persistent filtering rules remain active while other filtering rules update, for example, a BGP Peer publishes or withdraws rules.

EOS Release 4.23.1 Enhancements:
  • Added support for best-effort rule programming. When a switch receives more filtering rules from BGP neighbors than can fit within TCAM hardware, it programs the highest priority Flowspec rules up to the maximum TCAM available on a per-ASIC basis. The maximum TCAM available could either be the per-ASIC maximum free TCAM banks or the limit set by feature flow-spec bank maximum tcam in the hardware sub-configuration. (LIMITATION - the best-effort rule programming does not apply when Flowspec rules, after expansion into HW TCAM entries, occupy more than 24k 160b IPv4 or 320b IPv6 HW TCAM entries. In this case, programming fails, and no flowspec rules are programmed in hardware. This limitation is resolved in EOS Release 4.24.2).
  • Added support for traffic-marking action. To enable traffic-marking action, the feature flow-spec port (ipv4|ipv6) command of the active TCAM profile must include action set-dscp.
  • Added support for packet length (Type 10) component match on IPv4 packets. To enable matching on IPv4 packet length, the feature flow-spec port ipv4 command of the active TCAM profile must include keyword field ip-length.
EOS Release 4.23.2 Enhancements:
  • Added support for configuring BGP Flowspec in a non-default VRF. Only a single VRF is supported.
  • Added support for packet length (Type 10) component match on IPv6 packets. To enable matching on IPv6 packet length, the feature flow-spec port ipv6 command of the active TCAM profilemust include the keword field ipv6-length.

EOS Release 4.24.0 Enhancements:

Added support for configuring BGP Flowspec on subinterfaces. To enable subinterface support, the TCAM profile of the flow-spec feature must include port qualifier size 3 bits (see Flowspec TCAM Profile and Flowspec Policer TCAM Profile below).

EOS Release 4.24.1 Enhancements:
  • Added support for BGP Flowspec in the DCS-7500R3 and DCS-7280R3 series.
  • Added support for configuring BGP Flowspec in multiple VRFs.

EOS Release 4.24.2 Enhancements:

Removed EOS Release 4.23.1 limitation to best effort programming.

EOS Release 4.25.2 Enhancements:
  • Added support for BGP Flowspec applied to SVI.
  • BGP Flowspec releases TCAM banks when no longer needed to store matches. Previously, once TCAM banks allocated to BGP Flowspec, they never released.

EOS Release 4.30.0F Enhancements
  • Added support for below and above police counters.
EOS Release 4.30.1F Enhancements
  • Added support for the source VRF override the configuration and apply flowspec rules received in a different VRF.
EOS Release 4.30.2F Enhancements
  • Added support for displaying per-match byte counters in addition to packet counters in the output of show flow-spec.
EOS Release 4.31.1F Enhancements
  • Added support tor traffic-rate-packets policing action from RFC8955.
EOS Release 4.32.0F Enhancements
  • Added support for Flowspec counter telemetry.

Limitations

BGP BGP FlowSpec Functionality
  • BGP BGP FlowSpec supports the following actions:

    To redirect to a nexthop, IP RIB must have a route to resolve the specified nexthop. When redirecting to a VRF, a default route for the VRF must be configured and traffic sent to the nexthop for the default route in this VRF.

  • Prior to version EOS Release 4.22.0, to redirect to a nexthop or VRF, the resolving route cannot use the MPLS VPN or GRE tunnel, so the resolving route must have regular IP nexthop(s) for the redirect action. This limitation removed in EOS Release 4.22.0, except for the IPv6 GRE tunnels support for redirect action.

  • All matching components described in RFC 5575 supported, except for the following known caveats:
    • For TCP flags, the ECE, CWR, and NS flags not supported.
    • For fragment flags, only the Is a fragment (IsF) bit supported only for IPv4 packets. Combining source and destination ports and the Fragment flags in the same rule not supported.

  • When enabling support for BGP FlowSpec policer, EOS disables the BGP FlowSpec counter feature due to a hardware limitation.

  • Beginning with EOS Release 4.23.2, the BGP FlowSpec address family can be configured in a non-default VRF. However, only a single VRF (default or non-default) may be used on EOS Release 4.24.0 or earlier versions.

  • The additional BGP NLRI type (AFI=1, SAFI=134) which can be used to propagate traffic filtering information in a BGP/MPLS VPN environment not supported.

  • The validation procedure described in RFC 5575 not supported. Any received BGP FlowSpec rules considered valid.

  • EOS Release 4.32.0F introduced support for BGP FlowSpec counter telemetry. BGP FlowSpec couters update periodically based on a specified interval. Currently, EOS supports an interval between 30 and 300 seconds. To enable BGP FlowSpec counter telemetry, use the following command:
flow-spec
counters poll interval 30-300 seconds

BGP Limitations
  • EOS does not support BGP FlowSpec rules for ECMP. If BGP FlowSpec receives the same rule from two peers and ECMP configured, only the actions received from the ECMP head apply.
  • BGP Graceful Restart not supported.
  • Policies applied on the BGP FlowSpec NLRI not supported. This means that prefix-list matching rules in a route-map do not match against BGP FlowSpec rules.
  • BGP Additional Paths Send functionality not supported.

Platform Limitations
  • BGP FlowSpec rules can only be applied to traffic received on routed Ethernet and Port-Channel interfaces in the initial release. Beginning with EOS Release 4.24.0, support for L3 subinterfaces added. Beginning with EOS Release 4.25.0, support for SVIs added. L2 interfaces not supported.

  • Counters can either be reported for BGP FlowSpec or ACLs, but not both.

  • With EOS Release 4.24.1 and earlier versions, if the number of flow-spec rules exceed the available hardware TCAM resources, EOS removes all rules and logs a message.

  • Reinstalling the entire set of BGP FlowSpec rules removes all existing rules from the hardware.

Scaling Limits
  • that are supported in BGP FlowSpec depend on the match criteria of each rule. Assuming that BGP FlowSpec is the only TCAM feature enabled on the switch, it attempts to use all of the TCAM space available (24K entries per chip) in the forwarding chip. Simple BGP FlowSpec IPv4 rules map to one entry, allowing a max of 24K rules. Simple IPv6 rules each take two entries with a maximum of 12K rules.

  • Some types of rules expand into multiple entries in the TCAM, for example, port ranges. Combining source and destination port ranges in a single rule multiplies the number of entries necessary to cover all combinations, which can quickly consume all of the TCAM space.

  • The BGP FlowSpec and BGP FlowSpec Policer TCAM profiles support configuring the feature on up to seven VRFs starting with EOS Release 4.24.1. This scale can be adjusted with the number of bits in the feature's port qualifier size at the expense of removing other TCAM key fields.

  • Make-before-break policer allocation affects scaling limits.

Support for Set Large Community List

EOS adds support to use large community lists in the set large community route map set clause.

The Support for Set Large Community List feature allows a large community list to be shared between a number of route maps. Changes to the large community list then affect all route-maps which use this list. This makes applying the same policy change to different inbound and outbound communication easier.

Properties of large communities and how to create large community lists are not be covered as those are described here.

Configuring Support for Set Large Community List

The following commands have been added to route map configuration:

set large-community large-community-list LIST1 [LIST2][additive | delete]

no set large-community large-community-list LIST1 [LIST2][additive | delete]

default set large-community large-community-list LIST1 [LIST2][additive | delete]

The following command replaces the large community value of the contents of the permit sequences of the specified large community list. It is possible to specify more than one large community list to the set clause. In this example, the community values in permit sequences in the lists are concatenated and applies in the set clause.

set large-community large-community-list LIST1 [LIST2]

no set large-community large-community-list LIST1 [LIST2]

default set large-community large-community-list LIST1 [LIST2]

The following command works similarly to the prior command, however, it does not replace communities already set on a route; it concatenates the community values with the values specified in the list. Duplicate communities are only shown once.

default set large-community large-community-list LIST1 [LIST2][additive]

set large-community large-community-list LIST1 [LIST2][additive]

no set large-community large-community-list LIST1 [LIST2][additive]

In the following command, the delete keyword is used. The delete keyword specifies that any large community values in the input matching any of the large community values (or large community value regular expressions) in the specified large community lists are removed.

default set large-community large-community-list LIST1 [LIST2][delete]

set large-community large-community-list LIST1 [LIST2][delete]

no set large-community large-community-list LIST1 [LIST2][delete]

Apply the following command to the concerned neighbour which large communities are to be sent, otherwise they are not sent.

neighbour x.x.x.x send-community large

Support for Set Large Community List Show Commands

Use the following command to show information about all of the configured route maps.

show route-map

This is an example output of the show route-map command.
switch# show route-map
route-map rm1 permit 10
  Description:
  Match clauses:
  SubRouteMap:
  Set clauses:
    set large-community large-community-list lgl1 lgl2

Support for Set Large Community List Limitations

Resolution of NLRI from (directly connected) eBGP Speakers

For IPv4 or IPv6 unicast NLRI received from eBGP, directly connected BGP sessions are resolved by only using connected routes, or system-connected, in the parlance of this feature. This feature does not change this behavior, nor will configuration of a non-default resolution profile affect this behavior.

Address Family Profile Restrictions
Certain BGP address families only support a subset of possible next-hop resolution profiles. This section documents such limitations.
Address familyRestriction
IPv4/IPv6 unicast (non 6PE)None.
IPv6 unicast 6PEOnly supports tunnel domains*.
IPv4/IPv6 unicast (eBGP directly connected)Only supports system-connected; Not configurable.
IPv4/IPv6 VPNOnly supports tunnel domains* and system-connected.
IPv4/IPv6 LUOnly supports tunnel domains* and system-connected.
EVPN (MPLS)Only supports tunnel domains* and system-connected.
EVPN (VXLAN)Only supports IP domains+.

* Tunnel domains refer to tunnel RIBs, e.g. system-colored-tunnel-rib, system-tunnel-rib, or user-defined tunnel RIBs.

+ IP domains are either of system-unicast-rib or system-connected.

BGP Additional Paths Send Optimization

BGP Add-Path TX, or send, allows for a BGP speaker to advertise multiple paths (instead of a single best-path) for a prefix towards a peering BGP speaker. BGP Add-Path increases path diversity in a network. It restores fast traffic and has efficient link usage through multipathing. This can also be used as a monitoring solution for eligible paths to a monitoring or receiving Add-Path speaker.

Without Add-Path, a sending speaker only sends the best-path for a prefix and a receiving speaker collects all best-path announcements from its peers. The receiving speaker uses only the peer’s address to identify the path.

With Add-Path, the sending speaker can potentially send multiple paths using distinct path-id’s to a peer and the receiver can use to distinguish the multiple paths coming from the same sender.

Ordered Next Hops in FEC

In symmetric network topology, for the same Equal Cost Multi-Path (ECMP) route programmed at different devices in a switch layer, the various devices can program ECMP next-hops in the Forwarding Equivalence Class (FEC) for that route in varying orders. This could result in inconsistent hashing of traffic for those destination routes at the same layer of switches in the network and could be undesired behavior for certain classes of applications. Ordered FEC is an approach to order the next hops in the FEC of a route based on a network-wide device identifier for each next-hop resulting inconsistent ordering of next hops in the FEC for a route across all switches in a layer.

A BGP router-id can be used as a unique network-wide device identifier and BGP paths received from various peers for a BGP ECMP route can have their paths and subsequently, next-hops sorted based on the corresponding peer’s router-id. Ordered Next Hops in the FEC feature would use the BGP router-id to achieve a consistent ordering of next hops in the FEC for a route. This feature is available with multi-agent routing protocol models.

EOS supports mixed IPv4 and IPv6 next hops in a network. An ECMP FEC may have an IPv4 primary route with a secondary IPv6 next hop or an IPv6 route with a secondary IPv4 next hop.

Configuring Ordered Next Hops in FEC

Use the following configuration commands to implement Ordered FEC solution for BGP routes.

  • The BGP instance must be configured to order ECMP paths received for a BGP route deterministically using bgp bestpath tie-break router-id under router bgp configuration mode.
    switch(config)# router bgp 100
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp)# bgp bestpath tie-break router-id
    switch(config-router-bgp)#

    Note: Other tie-break options available under router bgp configuration mode is not supported for Ordered Next Hops in FEC solution.

  • The device must be configured to enforce ordering of next hops as determined by the protocol agents in the FEC programmed for the route using the rib fib fec ecmp ordered command under router general configuration mode.
    switch(config)# router general
    switch(config-router-general)# rib fib fec ecmp ordered
    switch(config-router-general)#

Ordered FEC Show Commands

The show ip route fec command displays if the next-hops in the FEC of a route have been ordered. The output below indicate the show command output before enabling the Ordered FEC solution on the device, and after enabling it. The show ip bgp command output is also included to correlate next hop with corresponding router-id of the peer that the path was received from.

Example
switch# show ip bgp 1.0.16.0
BGP routing table information for VRF default
Router identifier 0.0.0.1, local AS number 1
BGP routing table entry for 1.0.16.0/24
 Paths: 8 available
  30
    1.0.10.2 from 1.0.10.2 (10.0.1.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:53 ago, valid, external, ECMP head, ECMP, best, ECMP contributor
      Rx SAFI: Unicast
  10
    1.0.8.2 from 1.0.8.2 (10.0.4.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:55 ago, valid, external, ECMP, ECMP contributor
      Rx SAFI: Unicast
  20
    1.0.9.2 from 1.0.9.2 (10.0.3.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:54 ago, valid, external, ECMP, ECMP contributor
      Rx SAFI: Unicast
  40
    1.0.11.2 from 1.0.11.2 (10.0.8.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:52 ago, valid, external, ECMP, ECMP contributor
      Rx SAFI: Unicast
  50
    1.0.12.2 from 1.0.12.2 (10.0.2.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:52 ago, valid, external, ECMP, ECMP contributor
      Rx SAFI: Unicast
  60
    1.0.13.2 from 1.0.13.2 (10.0.5.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:51 ago, valid, external, ECMP, ECMP contributor
      Rx SAFI: Unicast
  70
    1.0.14.2 from 1.0.14.2 (10.0.6.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:50 ago, valid, external, ECMP, ECMP contributor
      Rx SAFI: Unicast
  80
    1.0.15.2 from 1.0.15.2 (10.0.7.1)
      Origin EGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:01:49 ago, valid, external, ECMP, ECMP contributor
      Rx SAFI: Unicast
switch#
switch# show ip ro 1.0.16.0 fec
FEC ID 4294967334, used by 100 IPv4 prefixes and 0 IPv6 prefixes
Next hops:
    via 1.0.8.2, Ethernet8
    via 1.0.9.2, Ethernet9
    via 1.0.10.2, Vlan2317
    via 1.0.11.2, Vlan2836
    via 1.0.12.2, Vlan2043
    via 1.0.13.2, Ethernet4
    via 1.0.14.2, Vlan2000
    via 1.0.15.2, Vlan2191
switch#
switch(config)# router general
switch(config-router-general)# rib fib fec ecmp ordered
switch(config-router-general)# end
switch# show ip route 1.0.16.0 fec
FEC ID 4294967334, used by 100 IPv4 prefixes and 0 IPv6 prefixes
Next hops (ordered):
    via 1.0.10.2, Vlan2317
    via 1.0.12.2, Vlan2043
    via 1.0.9.2, Ethernet9
    via 1.0.8.2, Ethernet8
    via 1.0.13.2, Ethernet4
    via 1.0.14.2, Vlan2000
    via 1.0.15.2, Vlan2191
    via 1.0.11.2, Vlan2836

Limitations

Ordered FEC is supported only for IPv4 and IPv6 BGP ECMP routes received with directly connected next hops.

BGP IPv4-mapped IPv6 Address Next Hops for IPv6 Labeled-Unicast Routes

A BGP router in an IPv4 network may need to receive or send labeled-unicast routes to and from IPv6 networks. A receiving BGP router can be configured so that when it receives a next hop with an IPv4-mapped IPv6 address, the IPv4 address is used for resolving the next hop. Similarly, a sending BGP router can use the IPv4-mapped IPv6 address of its interface as the next hop. For example, this allows IPv6 labeled-unicast EPE bindings to be carried across an IPv4 MPLS network with a next hop corresponding to the border node's loopback IPv4-mapped IPv6 address. The iBGP peer receiving the IPv6 labeled-unicast EPE bindings resolves the IPv4-mapped IPv6 next hop over a IPv4 MPLS transport tunnel.

Example

In this example, a labeled-unicast path from a BGP router in one IPv6 network needs to cross an IPv4 MPLS network to a BGP router in another IPv6 network, as shown in the figure.
Figure 1.IPv4-mapped IPv6 address example


  • Customer edge router CE2 advertises an IPv6 labeled-unicast route to provider edge router PE2.
  • PE2 advertises to PE1 the IPv6 labeled-unicast route using the IPv4-mapped address of its loopback interface.
  • PE1 receives the IPv6 labeled-unicast route, and uses the IPv4 address of the IPv4-mapped IPv6 address in order to resolve the next hop. It resolves to PE2 with an IPv4 multiprotocol label switching (MPLS) tunnel.
  • PE1 advertises the IPv6 labeled-unicast route to CE1.

This allows a BGP speaker to send and receive IPv6 labeled-unicast paths with IPv4-mapped IPv6 next hops through the use of appropriate send-side policy and receive-side policy.

BGP Attributes Ignore Received Lists

Depending on the role of a BGP router on the network, limiting the number of attributes received by the router may provide security if a compromised peer attempts to send modified attributes to affect routing decisions on the network. In other cases, a BGP peer should not advertise unsupported transitive BGP attributes to other BGP peers.

To support the feature, configure a list or range of BGP attributes for the router to ignore after receiving a BGP update message. The BGP update message discards the BGP attributes.

Use the BGP attribute type code to add the desired BGP attribute to the list of ignored attributes. Add BGP attributes from 4 to 255 to the list as an attribute to ignore. the list as an attribute to ignore. You cannot add mandatory BGP attributes such as ORIGIN(1), AS_PATH(2), and NEXT_HOP(3) as ignored BGP attributes. You can also discard BGP attributes on a peer or peer group basis.

Configuring BGP

Configuring BGP Instances

Creating an Instance and Entering BGP Configuration Mode

The switch supports one BGP instance, which is associated with a specified Autonomous System (AS). To other BGP peers, the AS number uniquely identifies the network to which the switch belongs. Arista switches support four-byte AS numbers as described in RFC 4893. Four-byte AS number capability is communicated to BGP peers in OPEN messages. When communicating with a BGP peer which does not support four-byte AS numbers, the switch will replace AS numbers greater than 65535 with the well-known two-byte AS number 23456 (also called AS_TRANS), and encode the actual four-byte AS numbers using the AS4_PATH attribute.

The switch must be in router-BGP configuration mode to run BGP configuration commands. The router bgp command places the switch in the router-BGP configuration mode for creating a BGP instance if one was not previously created. BGP configuration commands apply globally to the BGP instance.

Example

This command places the switch in router-BGP configuration mode. It also creates a BGP instance in AS 50 if an instance was not previously created.

switch(config)# router bgp 50
switch(config-router-bgp)#

When a BGP instance exists, the router bgp command must include its autonomous system. Any attempt to create a second instance results in an error message.

Example

This command attempts to open a BGP instance with a different AS number from that of the existing instance. The switch displays an error and stays in global configuration mode.

switch(config)# router bgp 100
% BGP is already running with AS number 50
switch(config)#

Configuring BGP in a VRF

IPv6 VRF support in EOS allows application of a BGP configuration to a single VRF instance, overriding global commands. To apply VRF-specific BGP configuration, use the vrf command within router-BGP configuration mode to enter BGP VRF configuration mode. IPv6 BGP VRF configuration is performed in the VRF submode of the router-BGP configuration mode. This submode is also where a Route Distinguisher (RD) is configured for a VRF on switches running Ethernet VPN (EVPN): use the rd (Router-BGP VRF and VNI Configuration Modes) command to configure an RD for a VRF.

Examples
  • These commands place the switch in BGP VRF configuration mode for VRF purple. Commands issued in this mode override the global BGP configuration for the specified VRF instance.
    switch(config)# router bgp 1
    switch(config-router-bgp)# vrf purple
    switch(config-router-bgp)#

  • These commands activate IPv6 address-family support for the IPv6 neighbor 2001:0DB8:8c01::1 in VRF purple.
    switch(config-router-bgp-vrf-purple)# router-id 1.1.1.1
    switch(config-router-bgp-vrf-purple)# neighbor 2001:0DB8:8c01::1 remote-as 16
    switch(config-router-bgp-vrf-purple)# address-family ipv6
    switch(config-router-bgp-vrf-purple-af)# neighbor 2001:0DB8:8c01::1 activate
    switch(config-router-bgp-vrf-purple-af)#

  • This command configures a route distinguisher for VRF purple.
    switch(config-router-bgp-vrf-purple)# rd 530:12
    switch(config-router-bgp-vrf-purple)#

Using RCF in BGP configuration

RCF functions support in EOS allows application of a BGP configuration to filter routes and update route attributes. RCF functions can be configured for inbound and outbound updates on BGP neighbors under the IPv4 unicast, IPv6 unicast, IPv4 labeled unicast, and IPv6 labeled unicast address families.

Examples
  • These commands configure the switch in RCF functions for IPv4 application.
    switch(config)# router bgp 64500
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp-af)# neighbor 192.168.0.1 rcf in INBOUND_POLICY()
    switch(config-router-bgp-af)# neighbor 192.168.0.1 rcf out OUTBOUND_POLICY()

  • These commands configure the switch in RCF functions for IPv6 unicast application.
    switch(config)# router bgp 64500
    switch(config-router-bgp)# address-family ipv6 labeled-unicast
    switch(config-router-bgp-af-label)# neighbor 192.168.0.1 rcf in LU_INBOUND_POLICY()
    switch(config-router-bgp-af-label)# neighbor 192.168.0.1 rcf out LU_OUTBOUND_POLICY()

  • These commands configure RCF function with the redistribute configuration statement for connected and static routes.
    switch(config)# router bgp 64500
    switch(config-router-bgp)# redistribute connected rcf CONNECTED_POLICY()
    switch(config-router-bgp)# redistribute static rcf STATIC_POLICY()

  • These commands configure RCF function on routes redistributed into BGP from IS-IS. Level 1, level 2, or both IS-IS level routes can be specified for RCF application.
    switch(config)# router bgp 64500
    switch(config-router-bgp)# redistribute isis level-1 rcf ISIS_LEVEL_1_POLICY()
    switch(config-router-bgp)# redistribute isis level-2 rcf ISIS_LEVEL_2_POLICY()
    switch(config-router-bgp)# redistribute isis level-1-2 rcf ISIS_LEVEL_1_2_POLICY()

Configuring BGP Neighbors

Establishing BGP Neighbors

BGP neighbors, or peers, are established by configuration commands that initiate a TCP connection. BGP supports two types of neighbors:
  • Internal neighbors are in the same autonomous system.
  • External neighbors are in different autonomous systems.

BGP neighbors can be either static or dynamic:
  • Static neighbors are established by manually configuring the connection.
  • Dynamic neighbors are established by creating a listen range and accepting incoming connections from neighbors in that address range.

Static neighbors may belong to a static peer group, allowing them to be configured as a group. Configuration applied to an individual member of a static peer group overrides the group configuration for that peer. Dynamic neighbors must belong to a dynamic peer group, and can only be configured as a group.

Static BGP Neighbors

The neighbor remote-as command connects the switch with a peer, establishing a static neighbor.

Once established, a static neighbor may be added to an existing peer group. Any configuration applied to the peer group then is inherited by the neighbor, unless a conflicting configuration has been entered for that peer. Settings applied to a member of the peer group override group settings.

Note: To establish a BGP session, there must be an IPv4 router ID configured in the same VRF or at least one L3 interface with an IPv4 address in the same VRF. If the VRF contains no L3 interfaces with IPv4 addresses (for example, in an IPv6-only environment), configure an appropriate router ID using the router-id (BGP) command.

Examples
  • These commands establish an internal BGP connection with the peer at 10.1.1.14.
    switch(config)# router bgp 50
    switch(config-router-bgp)# neighbor 10.1.1.14 remote-as 50
    switch(config-router-bgp)#

  • These commands establish an external BGP connection with the peer at 192.168.2.5.
    switch(config)# router bgp 50
    switch(config-router-bgp)# neighbor 192.168.2.5 remote-as 100
    switch(config-router-bgp)#

Dynamic BGP Neighbors

The bgp listen range command specifies a range of IPv4 addresses from which the switch will accept incoming dynamic BGP peering requests, and creates the named dynamic peer group to which those peers belong. Dynamic BGP neighbors are peers which have not been manually established, but are accepted into a dynamic peer group when the switch receives a peering request from them.

Dynamic peers cannot be configured individually, but inherit any configuration that is applied to the peer group to which they belong. Peering relationships with dynamic peers are terminated if the peer group is deleted.

Example
These commands create a peer group called “brazil” which accepts dynamic peering requests from the 192.168.2.0/24 subnet.
switch(config)# router bgp 50
switch(config-router-bgp)# bgp listen range 192.168.2.0/24 peer-group brazil remote-as 50
switch(config-router-bgp)#

Displaying Neighbor Connections

The show ip bgp summary and show ip bgp neighbors commands display neighbor connection status.

Example
This command indicates the connection state with the peer at 192.168.2.5 is Estab (established). The peer is an external neighbor because it is in AS 100 and the local server is in AS 50.
switch# show ip bgp summary
BGP summary information for VRF default
BGP router identifier 192.168.104.2, local AS number 50
Neighbor Status Codes: m - Under maintenance
  Neighbor     V  AS  MsgRcvd  MsgSent  InQ OutQ  Up/Down State  PfxRcd PfxAcc
  192.168.2.5  4  100     198      281    0    0 03:11:31 Estab  12     12
switch#

Static BGP Peer Groups

A static BGP peer group is a collection of BGP neighbors which can be configured as a group. Once a static peer group is created, the group name can be used as a parameter in neighbor configuration commands, and the configuration will be applied to all members of the group. Neighbors added to the group will inherit any settings already created for the group. Static peer group members may also be configured individually, and the settings of an individual neighbor in the peer group override group settings for that neighbor.

When the default form of a BGP configuration command is entered for a member of a static peer group, the peer inherits that configuration from the peer group.

A static peer group is created with the neighbor peer group (create) command, or by using the bgp listen range command to accept dynamic peering requests. Once a static peer group has been created, static neighbors can be manually added to the group by using the neighbor peer group (neighbor assignment) command. The neighbor peer group (neighbor assignment) command removes a neighbor from a static peer group.

The neighbor peer group (create) command will delete a static peer group. When a peer group is deleted, the members of that group revert to their individual configurations, or to the system default for any attributes that have not been specifically configured for that peer.

Examples
  • These commands create a peer group named akron.
    switch(config)# router bgp 50
    switch(config-router-bgp)# neighbor akron peer group
    switch(config-router-bgp)#

  • This command adds the neighbors at 1.1.1.1 and 2.2.2.2 to peer group akron.
    switch(config-router-bgp)# neighbor 1.1.1.1 peer group akron
    switch(config-router-bgp)# neighbor 2.2.2.2 peer group akron
    switch(config-router-bgp)#

  • These commands configure the members of peer group akron, but cause the neighbor at 1.1.1.1 to use the system default value for out-delay.
    switch(config-router-bgp)# neighbor akron remote-as 109
    switch(config-router-bgp)# neighbor akron out-delay 101
    switch(config-router-bgp)# neighbor akron maximum-routes 12000
    switch(config-router-bgp)# no neighbor 1.1.1.1 out-delay
    switch(config-router-bgp)#

Dynamic BGP Peer Groups

A dynamic BGP peer group is a collection of BGP neighbors in a specified address range which makes a peer request to the switch. Members of dynamic peer group are configured in groups and not as individuals. A dynamic peer group name is used as a parameter to apply the configuration across all the members in the group. Neighbors joining the group inherit any settings already created for the group.

The bgp listen range command is used to create a dynamic peer group. This command identifies the BGP peering request from a range of IP address, and names the dynamic peer group to which those peers belong to. The bgp listen range command can be configured to accept a peering request from a single AS number or to accept peer request from the range of AS numbers. To accept the request from the range of AS numbers use the peer filter option in the command as shown. If the peer filter referred by the bgp listen range command does not exist, or if the filter exists but has no match commands, it will accept any AS number.

Note: When a listen range command is modified, any existing dynamic neighbor that is already established will get reset.

To delete a dynamic peer group, use the no or default form of the bgp listen range command. All peering relationships with group members are terminated when the dynamic peer group is deleted.

Examples
  • These commands create a dynamic peer group called brazil in a single AS, which accepts peering requests from the 192.0.2.0/24 subnet the single AS is 5.
    switch(config)# router bgp 1
    switch(config-router-bgp)# bgp listen range 192.0.2.0/24 peer-group brazil remote-as 5
    switch(config-router-bgp)#

  • These commands create a dynamic peer group called brazil in a range of ASNs, which accepts peering requests from the 192.0.2.0/24 subnet. The range of AS numbers is defined by peer filter option.
    switch(config)# router bgp 1
    switch(config-router-bgp)# bgp listen range 192.0.2.0/24 peer-group brazil peer-filter group-1
    switch(config-router-bgp)#

  • The show ip bgp peer-group command displays the source of a listen range’s remote AS number definition as shown.

    switch(config-router-bgp)# show ip bgp peer-group
    BGP peer-group is brazil
     BGP version 4
     Listen-range subnets:
    VRF default:
    192.0.2.0/24, remote AS 5
    192.0.2.0/24, peer filter group1
    switch(config-router-bgp)#

Peer Filter

A peer filter defines a set of rules to decide whether to accept or reject the incoming peer request based on the peer’s attributes. The peer filter is defined using a sequence number and a match statement, and supports one new match statement for matching against a range of BGP AS numbers. A peer filter is defined in peer filter configuration mode as shown. The peer filter command supports only matching AS ranges. Unlike route maps, peer filters do not support sets, continues or subroutines.

To delete a peer filter, use the no peer filter or default peer filter commands.

Examples
  • These commands define a peer filter that accepts any AS number.
    switch(config)# peer-filter group1
    switch(config-peer-filter-group1)# 10 match as-range 1-4294967295 result accept
    switch(config-peer-filter-group1)#

  • These commands define a peer filter that accepts any AS number between 65000 and 65100 (inclusive) except 65008 and 65009.
    switch(config)# peer-filter group2
    switch(config-peer-filter-group2)# 10 match as-range 65008-65009 result reject
    switch(config-peer-filter-group2)# 20 match as-range 65000-651000 result accept
    switch(config-peer-filter-group2)#

  • These commands define a peer filter that accepts 3 specific remote AS numbers.
    switch(config)# peer-filter group3
    switch(config-peer-filter-group3)# 10 match as-range 65003 result accept
    switch(config-peer-filter-group3)# 20 match as-range 65007 result accept
    switch(config-peer-filter-group3)# 30 match as-range 65009 result accept
    switch(config-peer-filter-group3)#

  • The show peer-filter command displays the peer filter definition.

    switch(config)# show ip bgp peer-group3
    peer-filter group3
       10 match as-range 65003 result accept
       20 match as-range 65007 result accept
    30 match as-range 65009 result accept
    switch(config)#

Special Considerations for IPv6

BGP predates the use of IPv6, and BGP configuration assumes IPv4 connections by default. The following additional steps are used to configure IPv6 BGP neighbors.

Note: To establish a BGP session, there must be an IPv4 router ID configured in the same VRF or at least one L3 interface with an IPv4 address in the same VRF. If the VRF contains no L3 interfaces with IPv4 addresses (e.g., in an IPv6-only environment), configure an appropriate router ID using the router-id (BGP) command.

Activating IPv6 Neighbors

By default, the switch does not negotiate or advertise IPv6 BGP routes. In order to establish a session with an IPv6 neighbor, it must be made active in the IPv6 address family. The ipv6-unicast option of the bgp default command causes the switch to send IPv6 capability messages and all network advertisements with IPv6 prefixes to all BGP neighbors. The neighbor activate command issued in IPv6 address family configuration mode does the same for a single BGP neighbor.

Examples
  • These commands make all BGP neighbors active in the IPv6 address family.
    switch(config)# router bgp 11
    switch(config)# address-family ipv6
    switch(config-router-bgp-af)# bgp default ipv6-unicast
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)#

  • These commands make the BGP neighbor at 2001:0DB8:8c01::1 active in the IPv6 address family.
    switch(config)# router bgp 11
    switch(config)# address-family ipv6
    switch(config-router-bgp-af)# neighbor 2001:0DB8:8c01::1 activate
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)#

Sending IPv4 NLRIs over IPv6 Connections

The switch supports the exchange of IPv4 NLRIs with IPv6 neighbors. To enable this feature for all IPv6 neighbors, use the ipv4-unicast transport ipv6 option of the bgp default command in the IPv4 address family configuration mode. To enable it for a single IPv6 neighbor, use the neighbor activate command for that neighbor in the IPv4 address family configuration mode.

To send IPv4 NLRIs to IPv6 neighbors, the IPv4 next-hop address must also be communicated. To explicitly configure an IPv4 next hop to send to a specific IPv6 neighbor, use the neighbor local-v4-addr command. In some network configurations, the switch can also be configured to automatically determine the best IPv4 next-hop address for an individual IPv6 neighbor or for all neighbors in the VRF using the neighbor auto-local-addr command.

Examples
  • These commands permit IPv4 NLRI transport over all IPv6 connections by making the IPv4 address family active on IPv6 BGP neighbors, then configure the switch to automatically select a local IPv4 address to be sent in NLRIs to the IPv6 neighbors in a peer group called indianapolis.
    switch(config)# router bgp 11
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp-af)# bgp default ipv4-unicast transport ipv6
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)# neighbor indianapolis auto-local-addr
    switch(config-router-bgp)#

  • These commands permit IPv4 NLRI transport with the IPv6 neighbor at 2001:0DB8:8c01::1 using a local IPv4 address of 10.7.5.11.
    switch(config)# router bgp 11
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp-af)# neighbor 2001:0DB8:8c01::1 activate
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)# neighbor 2001:0DB8:8c01::1 local-v4-addr 10.7.5.11
    switch(config-router-bgp)#

Maintaining Neighbor Connections

BGP neighbors maintain connections by exchanging KEEPALIVE, UPDATE, and NOTIFICATION messages. Neighbors that do not receive a message from a peer within a specified period (hold time) close the BGP session with that peer. Hold time is typically three times the period between scheduled KEEPALIVE messages. The default keepalive period is 60 seconds; default hold time is 180 seconds.

The timers bgp command configures the hold time and keepalive period. A peer retains its BGP connections indefinitely when its hold time is zero.

Example
This command sets the keepalive period to 15 seconds and the hold time to 45 seconds.
switch(config-router-bgp)# timers bgp 15 45
switch(config-router-bgp)#

The show ip bgp neighbors command displays the hold time.

Example
This command indicates the BGP hold time is 45 seconds.
switch# show ip bgp neighbors 10.100.100.2
BGP neighbor is 10.100.100.2, remote AS 100
BGP version 4, remote router ID 192.168.100.13, VRF default
  Negotiated BGP version 4
  Last read 00:00:05, last write 00:00:05
  Hold time is 45, keepalive interval is 15 seconds         <= hold time
  Configured hold time is 45, keepalive interval is 15 seconds
  Connect timer is inactive
  Idle-restart timer is inactive
  BGP state is Established, up for 04:44:05
  Number of transitions to established: 11
  Last state was OpenConfirm
  Last event was RecvKeepAlive
  Last sent notification:Cease/administrative reset, Last time 04:44:09
  Last rcvd notification:Cease/peer de-configured, Last time    2d02h, First time 7d08h, Repeats 1
  Neighbor Capabilities:
  Multiprotocol IPv4 Unicast: advertised and received and negotiated
  Four Octet ASN: advertised and received
             <-------OUTPUT OMITTED FROM EXAMPLE------->
switch#

Neighbor Route Configuration

Maximum Routes

The neighbor maximum-routes command determines the number of BGP routes the switch accepts from a specified neighbor. The switch disables peering with the neighbor when this number is exceeded.

Example

This command configures the switch to accept 15,000 routes from the peer at 192.168.18.24.
switch(config-router-bgp)# neighbor 192.168.18.24 maximum-routes 15000
switch(config-router-bgp)#

Route Reflection

Participating BGP routers within an AS communicate eBGP-learned routes to all of their peers; they do not re-advertise iBGP-learned routes within the AS to prevent routing loops. Although a fully meshed network topology ensures that all AS members share routing information, this topology can result in high volumes of iBGP messages when scaled. Alternatively, one or more routers can be configured as route reflectors in larger networks.

A route reflector re-advertises routes learned through iBGP to a group of BGP neighbors within the AS, replacing the function of a fully meshed topology. The neighbor route-reflector-client command configures the switch to act as a route reflector and configures the specified neighbor as a client. The bgp client-to-client reflection command enables client-to-client reflection.

Cluster IDs When using route reflectors, an AS is divided into clusters. A cluster contains at least one route reflector and a group of clients to which they re-advertise route information. A cluster may contain multiple route reflectors to provide redundancy protection. Each reflector has a cluster ID. When the cluster has a single route reflector, the cluster ID is its router ID. When a cluster has multiple route reflectors, a 4-byte cluster ID is assigned to all route reflectors in the cluster, allowing them to recognize updates from other cluster reflectors. The command configures the cluster ID in a cluster with multiple route reflectors.

Attribute Preservation Outbound BGP policies can rewrite the BGP attributes (next-hop, local preference and metric) of routes advertised by a route reflector. To configure the route reflector to preserve these attributes regardless of policy (unless those policies are included in a route map), use the bgp route-reflector preserve-attributes command. To include route attributes at all times (even contrary to policies included in route maps), use the always option of the command.

Client-to-client Reflection Usually the clients of a route reflector are not interconnected, and any routes learned by a client are mirrored to other clients and re-advertised within the AS by the route reflector. If the clients of a route reflector are fully meshed, routes received from a client do not need to be mirrored to other clients. In this case, client-to-client reflection should be disabled using the bgp client-to-client reflection command.

Examples
  • These commands configure the switch as a route reflector and the neighbor at 172.72.14.5 as one of its clients, set the cluster ID to 172.22.30.101, and configure the reflector to preserve all BGP attributes of re-advertised routes.
    switch(config-router-bgp)# neighbor 172.72.14.5 route-reflector-client
    switch(config-router-bgp)# bgp cluster-id 172.22.30.101
    switch(config-router-bgp)# bgp route-reflector preserve-attributes
    switch(config-router-bgp)#

  • This command displays the global BGP status for the default VRF, including route reflector configuration.

    Note: The value of the “Attributes of reflected routes” can be preserved (reflected routes maintain attributes unless they are removed by an outbound BGP policy map), always preserved (reflected routes maintain BGP attributes regardless of all policies), or not preserved (reflected routes do not maintain their BGP attributes).

    switch# show bgp instance
    BGP instance information for VRF default
    BGP Local AS: 64512, Router ID: 1.1.4.1
    Total peers:              14
      Configured peers:       14
      UnConfigured peers:     0
      Disabled peers:         4
      Established peers:      9
    Graceful restart helper mode enabled
    Attributes of reflected routes are preserved
    End of rib timer timeout: 00:05:00
    BGP Convergence timer is inactive
    BGP Convergence information:
        BGP has converged:   yes,   Time taken to converge: 00:05:44
        Outstanding EORs:    0,     Outstanding Keepalives: 0
    Convergence timeout: 00:10:00
    switch#

Route Preference

The primary function of external peers is to distribute routes they learn from their peers. Internal peers receive route updates without distributing them. External peers receive route updates, then distribute them to internal and external peers.

Local preference is a metric that iBGP sessions use to select an external route. Preferred routes have the highest local preference value. UPDATE packets include this metric in the LOCAL_PREF field.

The neighbor export-localpref command specifies the LOCAL_PREF that the switch sends to an internal peer. The command overrides previously assigned preferences and has no effect on external peers.

Example

This command configures the switch to enter 200 in the LOCAL_PREF field of UPDATE packets it sends to the peer at 10.1.1.45.
switch(config-router-bgp)# neighbor 10.1.1.45 export-localpref 200
switch(config-router-bgp)#

The neighbor import-localpref command assigns a local preference to routes received through UPDATE packets from an external peer. This command has no effect when the neighbor is an internal peer.

Examples
  • This command configures the switch to assign the local preference of 50 for routes advertised from the peer at 172.16.5.2.
    switch(config-router-bgp)# neighbor 172.16.5.2 import-localpref 50
    switch(config-router-bgp)#

    The show ip bgp command displays the LOCAL_PREF value for all listed routes.

  • This command indicates the route to network 10.10.20.0/24 has a local preference of 400.
    switch# show ip bgp
    BGP routing table information for VRF default
    Router identifier 192.168.100.23, local AS number 64512
    Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
    Origin codes: i - IGP, e - EGP, ? - incomplete
    AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
    
            Network           Next Hop         Metric  LocPref Weight  Path
     * >Ec 10.10.20.0/24      192.168.31.3     0       400     0       64521 i
    switch#

Graceful Restart

Graceful BGP restart allows a BGP speaker with separate control plane and data plane processing to continue forwarding traffic during a BGP restart. Its neighbors (receiving speakers) may retain routing information from the restarting speaker while a BGP session with it is being re-established, reducing route flapping.

Arista switches can act as helpers (receiving speakers) for graceful BGP restart with neighbors that advertise graceful restart capability.

Graceful restart helper mode is enabled by default, but can be turned off globally with the graceful-restart-helper command. Per-peer configuration takes precedence over the global configuration.

Examples
  • This command disables graceful restart helper mode for all BGP peers.
    switch(config-router-bgp)# no graceful-restart-helper
    switch(config-router-bgp)#

  • This command disables graceful restart helper mode for the neighbor at 192.168.32.5 regardless of global configuration.
    switch(config-router-bgp)# no neighbor 192.168.32.5 graceful-restart-helper
    switch(config-router-bgp)#

Peers with graceful restart capability advertise a restart time value as an estimate of the time it will take them to restart a BGP session. When a BGP session with a restarting speaker goes down, the switch (receiving speaker) marks routes from that peer as stale and starts the restart timer. If the session with the peer is not re-established before the restart time runs out, the switch deletes the stale routes from that peer. If the session is re-established within that time, the stale path timer is started. If the stale paths are not updated by the restarting speaker before the stale path time runs out, they are deleted. The maximum time these stale paths are retained after the BGP session is re-established is 300 seconds by default, but can be configured using the graceful-restart stalepath-time command.

Example

This command configures BGP to discard stale paths from a restarting peer 500 seconds after the BGP session with that peer is re-established.
switch(config-router-bgp)# graceful-restart stalepath-time 500
switch(config-router-bgp)#

Filtering Routes

Filtering with Route Maps

Route maps are used in BGP to directly filter IPv4 unicast routes. The neighbor route-map (BGP) command applies a route map to inbound or outbound BGP routes. To display the route maps associated with a specific BGP neighbor, use the show ip bgp neighbors command.

The redistribution of BGP unicast routes into multicast address families allows the network to take a different path for the multicast traffic. It allows redistribution of IPv4 unicast routes into the IPv4 multicast address family and IPv6 unicast routes into the IPv6 multicast address family.

The following command configures the redistribution of IPv4 unicast routes into IPv4 multicast address family in both default and non-default VRF.

switch(config-router-bgp)# address-family ipv4 multicast
switch(config-router-bgp-af)# route input address-family ipv4 unicast rcf onePfx()

The following commands shows the two BGP unicast routes that are received by bgprtr1.
bgprtr1(config-router-multicast)# show bgp ipv4 unicast
BGP routing table information for VRF default
Router identifier 1.1.1.1, local AS number 100
Route status codes: s - suppressed, * - valid, > - active, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI Origin Validation codes: V - valid, I - invalid, U - unknown
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

          Network                Next Hop              Metric  AIGP       LocPref Weight  Path
 * >      10.10.10.1/32          1.1.1.2               0       -          100     0       200 i
 * >      10.10.20.1/32          1.1.1.2               0       -          100     0       200 i

The following command shows BGP IPv4 multicast output, when a RCF function filters 10.10.20.1/32.

bgprtr1# show bgp ipv4 multicast
BGP routing table information for VRF default
Router identifier 1.1.1.1, local AS number 100
Route status codes: s - suppressed, * - valid, > - active, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

          Network                Next Hop              Metric  AIGP       LocPref Weight  Path
 * >      10.10.20.1/32          1.1.1.2               -       -          -       0       ?

Filtering with BGP Communities
Community values are assigned to a set of subnet prefixes through route map set commands. Route map match commands subsequently use community values to filter routes. The switch uses the following ip community-list commands to filter community routes into a BGP domain:
  • ip community-list creates a community list by explicitly referencing one or more communities by name or number.
  • ip community-list regexp creates a community list by referencing one or more communities by regular expression.
  • ip extcommunity-list creates an extended community list to identify routes for VRFs or for Link BandWidth (LBW) by explicitly referencing extended communities by prefix and number.
  • ip extcommunity-list regexp creates an extended community list to identify routes for VRFs or for Link BandWidth (LBW) by regular expression.

The BGP community attribute is a 32 bit value formatted as follows:
  • an integer between 0 and 4294967040.
  • AA:NN, where AA is 65535 and NN specifies the community number (0-65535) within the AS.

These four community attribute values, and the associated BGP speaker actions, are predefined:
  • no-export: speaker does not advertise the routes beyond the BGP domain.
  • no-advertise: speaker does not advertise the routes to any BGP peers.
  • local-as: speaker does not advertise route to any external peers.
  • internet: speaker advertises the route to the Internet community. By default, this includes all prefixes.

Example

  • These commands assign two network subnets to a prefix list, assign a community number to the prefix list members, then utilize that community in an ip community-list command to permit the routes into the BGP domain.
    1. Compose the IP prefix list.
      switch(config)# ip prefix-list PL_1 permit 10.1.2.5/24
      switch(config)# ip prefix-list PL_1 permit 10.2.5.1/28
      switch(config)#

    2. Create a route map that matches the IP prefix list and sets the community value.
      switch(config)# route-map MAP_1 permit
      switch(config-route-map-MAP_1)# match ip address prefix-list PL_1
      switch(config-route-map-MAP_1)# set community 500
      switch(config-route-map-MAP_1)# exit
      switch(config)#

    3. Create a community list that references the community.
      switch(config)# ip community-list CL_1 permit 500
      switch(config)#

BGP extended communities identify routes for VRFs or for Link BandWidth (LBW). Extended community clauses utilize Route Target (RTt) and Site of Origin Options (SOO):

  • route targets identify sites that may receive appropriately tagged routes.
  • site of origin identifies the site where the router learned the route.

Filtering with AS Path Access Lists

An AS path access list is a named list of permit and deny statements which use regular expressions to filter BGP routes based on their AS path attribute. AS path access lists are created using the ip as-path access-list command, and are applied using a route map match clause with the name of the access list as a parameter.

Example

These commands create an AS path access list identifying routes which pass through AS 3, create a route map which references the access list, assign the routes it filters to community 300, and apply the route map to the neighbor at 192.68.14.5 to assign a community value of 300 to inbound routes received from that neighbor.
  1. Create the AS path access list.
    switch(config)# ip as-path access-list as_list3 permit _3

  2. Create a route map that matches the AS path access list and sets the community value.
    switch(config)# route-map MAP_3 permit
    switch(config-route-map-MAP_3)# match as-path as_list3
    switch(config-route-map-MAP_3)# set community 300
    switch(config-route-map-MAP_3)# exit

  3. Apply the route map to the neighbor.
    switch(config)# router bgp 1
    switch(config-router-bgp)# neighbor 192.68.14.5 route-map MAP_3 in
    switch(config-router-bgp)#

Configuring GTSM for BGP

The Generalized TTL Security Mechanism (GTSM) uses a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to protect BGP peering sessions from Denial-of-Service (DoS) attacks based on forged protocol packets.

An IP packet received from a BGP peer is discarded when its current TTL value is less than (255-n) where n is the configured maximum number of hops to the peer. Use the neighbor ttl maximum-hops command to configure the maximum hop count.

Note: IP packets to GTSM enabled BGP peers are sent with the configured TTL value of 255.

Configuring Routes

Advertising Routes

A BGP neighbor advertises routes it can reach through UPDATE packets. The network (BGP) command specifies a prefix that the switch advertises as a route originating from its AS.

The configuration clears the host portion of addresses entered in network commands. For example, 192.0.2.4/24 is stored as 192.0.2.0/24.

Example

This command configures the switch to advertise the 10.5.8.0/24 network.
switch(config-router-bgp)# network 10.5.8.0/24
switch(config-router-bgp)#

By default, BGP will advertise only those routes that are active in the switch’s RIB. This can contribute to dropped traffic. If a preferred route is available through another protocol (like OSPF), the BGP route will become inactive and not be advertised; if the preferred route is lost, there is no available route to the affected peers. Advertising inactive BGP routes minimizes traffic loss by providing alternative routes.

The bgp advertise-inactive command causes BGP to advertise inactive routes to BGP neighbors. Inactive route advertisement is configured globally, but the global setting can be overridden on a per-VRF basis.

Examples
  • This command configures the switch to advertise routes learned through BGP even if they are not active on the switch.
    switch(config-router-bgp)# bgp advertise-inactive
    switch(config-router-bgp)#

  • This command overrides inactive route advertisement for VRF purple.
    switch(config-router-bgp)# vrf purple
    switch(config-router-bgp-vrf-purple)# no bgp advertise-inactive
    switch(config-router-bgp-vrf-purple)#

Advertising ISIS Routes into BGP Network

The redistribute (BGP) command advertises the routes learned through IS-IS routes into the BGP network. It also allows the user to selectively advertise some routes and modify route attributes before advertising using route maps.

The command is available in both address-family mode and router BGP mode, but the command is rejected if configured in both address-family mode and router mode at the same time.

While redistributing IS-IS routes into BGP, the Level-1 or Level-2 keyword can be used to selectively redistribute Level-1 routes or Level-2 routes into BGP. The keyword is optional, and defaults to Level-2 when not configured.

Use the show ipv6 bgp command to verify that routes are advertised with correct attributes.

Note: If the command is configured in router-af mode, it only redistributes routes with matching address family. If it is configured in router mode, it applies to all enabled address-families.

Examples
  • These commands redistribute IS-IS routes into BGP in the address-family mode.
    switch(config)# router bgp 1
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp-af)# redistribute isis level-1 route-map isis-to-bgp-v4
    switch(config-router-bgp-af)#

  • These commands redistribute IS-IS routes into BGP in the router BGP mode.
    switch(config)# router bgp 1
    switch(config-router-bgp)# redistribute isis level-1 route-map isis-to-bgp
    switch(config-router-bgp)#
Advertising OSPF Routes into BGP Network

Routes learned through the OSPF protocol can be redistributed into the BGP domain and advertised by BGP. To redistribute OSPF routes into BGP, use the redistribute (BGP) command. By default, redistribute ospf will redistribute only internal OSPF routes into BGP; the command must be issued separately with additional parameters for each type of OSPF route that is to be redistributed.

Examples
  • These commands redistribute internal OSPF routes into BGP.
    switch(config)# router bgp 1
    switch(config-router-bgp) #redistribute ospf
    switch(config-router-bgp)#

  • These commands redistribute internal, external, and NSSA external OSPF routes into BGP.
    switch(config)# router bgp 1
    switch(config-router-bgp)# redistribute ospf internal
    switch(config-router-bgp)# redistribute ospf external
    switch(config-router-bgp)# redistribute ospf nssa-external
    switch(config-router-bgp)#

BGP Route Aggregation

Aggregation combines the characteristics of multiple routes into a single route for advertisement by the BGP speaker. Aggregation can reduce the amount of information that a BGP speaker is required to store and transmit when advertising routes to other BGP speakers. Aggregation options affect the attributes associated with the aggregated route, the advertisement of the contributor routes that comprise the aggregate, and which contributor routes are included.

Aggregate routes are created with the aggregate-address command, which takes an IP subnet as an argument; any routes configured on the switch that lie within that subnet then become contributors to the aggregate. Note that on Arista switches the BGP aggregate route will become active if there are any available contributor routes on the switch, regardless of the originating protocol. This includes routes configured statically.

Note: This behavior is observed only when the single-agent routing model (ribd) is run on the switch.

BGP speakers display aggregate routes that they create as null routes (with one exception: if all the contributors to the aggregate have the same BGP path attributes, then the BGP aggregate copies those attributes and is no longer a null route). Aggregate routes are advertised into the BGP autonomous system and redistributed automatically, and their redistribution cannot be disabled. BGP neighbors display inbound aggregate routes as normal BGP routes. Null routes are displayed with the show ip route command. Display normal BGP routes (and null aggregate routes) with the show ip bgp and show ip route commands.

Aggregation Options

The aggregate-address command provides the following aggregate route options:

  • AS_PATH attribute inclusion: the as-set option controls the aggregate route’s AS_PATH and ATOMIC_AGGREGATE attribute contents. AS_PATH identifies the autonomous systems through which UPDATE message routing information passes. ATOMIC_AGGREGATE indicates that the route is an aggregate or summary of more specific routes.

    When the command includes as-set, the aggregate route’s AS_SET attribute contains the AS numbers of contributor routes. This can help BGP neighbors to prevent loops by rejecting aggregate routes that include their AS number in the AS_SET.

    When the command does not include as-set, the aggregate route’s ATOMIC_AGGREGATE attribute is set and the AS_PATH attribute does not include AS numbers of contributing routes.

  • Attribute assignment: the attribute-map option assigns attributes contained in set commands in a specified route map’s lowest sequence with any set command to the aggregated route, overriding the automatic determination of the aggregate route’s attributes by the switch.

  • Route suppression: the summary-only option suppresses the advertisement of the contributor routes that comprise the aggregate.

  • Contributor filtering: the match-map option uses a route map to filter out contributor routes that would otherwise be included in the aggregate.

Example

  • These commands create an aggregate route (10.16.48.0/20) from four contributor routes (10.16.48.0/23, 10.16.50.0/23, 10.16.52.0/23, and 10.16.54.0/23). The aggregate route includes the AS_PATH information from the contributor routes.
    switch(config)# router bgp 1
    switch(config-router-bgp)# aggregate-address 10.16.48.0/20 as-set
    switch(config-router-bgp)# exit
    switch(config)#

  • These commands create an aggregate route and use a route map to add a local-preference attribute to the route.
    switch(config)# route-map map1 permit 10
    switch(config-route-map-map1)# set local-preference 40
    switch(config-route-map-map1)# exit
    switch(config)# router bgp 1
    switch(config-router-bgp)# aggregate-address 10.16.48.0/20 attribute-map map1
    switch(config-router-bgp)# exit
    switch(config)#

  • These commands create an aggregate route and use a route map to allow only those contributors that match a specified prefix list included in the aggregate route.
    switch(config)# route-map matchmap permit 10
    switch(config-route-map-matchmap)# match ip address prefix-list agglist
    switch(config-route-map-matchmap)# exit
    switch(config)# router bgp 1
    switch(config-router-bgp)# aggregate-address 1.1.0.0/16 summary-only match-map matchmap
    switch(config-router-bgp)#

The match-map parameter in the aggregate-address command advertises the route(s) that is denied in match-map.

Note: The match-map parameter only takes effect when used with the summary-only parameter.

Identifying BGP Aggregate Contributors Match in Outbound Policy

When configured, this feature introduces the ability to match on the following parameters:

  1. Any BGP aggregate contributor, in the outbound route maps.
  2. A specific BGP aggregate contributor, in the outbound route maps.

The attributes that are currently supported for matching on BGP aggregate contributors are community, local-preference, prefix, next-hop,route-type.

Match Contributors to Any Aggregate
To match contributors to any BGP aggregate and set attributes (say communities) on said contributor, add an outbound policy with the clause:
switch(config-route-map-test)# match aggregate-role contributor

The match aggregate-role contributor clause only works with outbound policies.

Example

In this example, all the BGP contributor routes (to all aggregates) is assigned to the community 65536:100 as they are advertised to the neighbor 192.0.2.1.
ip community-list BLUE permit 65536:100
!
route-map OUTBOUND_POLICY permit 10
match aggregate-role contributor
set community community-list BLUE
!
route-map OUTBOUND_POLICY permit 20
description “Permit the routes rejected by seq10"
!
router bgp 65536
aggregate-address 203.0.113.0/24
neighbor 192.0.2.1 route-map OUTBOUND_POLICY out
!

Match Contributors to Specific Aggregates

To match contributors which contribute only to a BGP aggregate with specific attributes (say communities) and set attributes (say communities again) on said contributor, add an outbound policy with the clause:

switch(config-route-map-test)# match aggregate-role contributor aggregate-attributes MATCH_AGG_COLOR

Define the MATCH_AGG_COLOR as below:
route-map MATCH_AGG_COLOR
                    match community RED

Add an aggregate definition to explicitly set the desired attributes on the aggregate of interest:

route-map AGG_SET_COLOR
set community community-list RED
!
router bgp 65536                aggregate-address 203.0.113.0/24 attribute-map AGG_SET_COLOR

The route map referenced by the match aggregate-role contributor aggregate-attributes clause discards all set operations.

Example
  • In this example the BGP contributor routes to the aggregate 203.0.113.0/24 (that has community 65536:200), to be assigned the community 65536:100 when they are advertised outbound to the neighbor 192.0.2.1.
    ip community-list BLUE permit 65536:100
    ip community-list RED permit 65536:200
    !
    route-map AGG_SET_COLOR
    set community community-list RED
    !
    route-map MATCH_AGG_COLOR
    match community RED
    !
    route-map OUTBOUND_POLICY permit 10
    match aggregate-role contributor aggregate-attributes MATCH_AGG_COLOR
    set community community-list BLUE
    !
    route-map OUTBOUND_POLICY permit 20
    description “Permit the routes rejected by seq10”
    !       	 
    router bgp 65536
    aggregate-address 203.0.113.0/24 attribute-map AGG_SET_COLOR
    neighbor 192.0.2.1 route-map OUTBOUND_POLICY out
    !

Invert-result Support

This match clause supports the invert-result modifier. When applied, invert-result inverts the result of the match clause to which it is applied.

The results for the following command would be:
switch(config-route-map-test)# match invert-result aggregate-role contributor aggregate-attributes MATCH_AGG_COLOR

  1. match all routes that are not contributors to any aggregate.

  2. match all routes that are contributors to aggregates where the aggregate doesn’t match MATCH_AGG_COLOR (provided MATCH_AGG_COLOR is configured).

  3. not match all routes that are contributors to aggregates where the aggregate matches MATCH_AGG_COLOR (provided MATCH_AGG_COLOR is configured).

  4. not match all routes that are contributors to aggregates if MATCH_AGG_COLOR is not configured.

Related Command

match (route-map)

Customizing the BGP AS-Path Attribute

The BGP Replace AS-Path feature allows the user to customize the AS_PATH attribute for prefixes that are either received from a BGP neighbor or advertised to a BGP neighbor. To configure the BGP Replace AS-Path feature, use the set as-path match and set as-path prepend commands.

To replace the AS_PATH attribute of routes received from a BGP neighbor, configure a route map and attach the policy to the corresponding BGP neighbor statement in the inbound direction.

To replace the AS_PATH attribute of routes that are advertised to a neighbor, configure a route map and attach the policy to the corresponding BGP neighbor statement in the outbound direction.

The Replace AS-Path feature works in conjunction with the AS-Path Prepend feature which is also used to modify the AS_PATH attribute. However, if both features are configured within the same route map, then the replace AS-Path feature takes precedence over the AS-Path Prepend.

Note: The BGP Replace AS-Path feature supports both eBGP and iBGP neighbors. The locally configured AS number is always prefixed to the AS-Path of routes advertised to the eBGP neighbors. This RFC behavior is retained in Arista’s implementation of the Replace AS-Path feature as well.

BGP Replace AS-Path has the following limitations:
  • Replacing the AS-Path should be used cautiously since it may impact BGP loop prevention.
  • A few duplicated routes may be advertised and installed on a router after the original AS-Path of those routes are replaced. To fix this issue, it is always suggested to filter out such routes by prefix with BGP Community.

Example

This command replaces the AS-Path with the none option.
switch# show ip bgp neighbors 80.80.1.2 advertised-routes
BGP routing table information for VRF default
Router identifier 202.202.1.1, local AS number 200
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast, q - Queued 
for advertisement
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop

          Network                Next Hop               Metric  LocPref Weight Path
* >       101.101.1.0/24         80.80.1.1              -       -       -      200 i
* >       102.102.1.0/24         80.80.1.1              -       -       -      200 i
* >       103.103.1.0/24         80.80.1.1              -       -       -      200 302 i
* >       202.202.1.0/24         80.80.1.1              -       -       -      s200 i
switch# configuration terminal
switch(config)# route-map foo permit 10
switch(config-route-map-foo)# set as-path match all replacement none
switch(config-route-map-foo)# exit
switch(config)# router bgp 200
switch(config-router-bgp)# neighbor 80.80.1.2 route-map foo out
switch(config-router-bgp)# end
switch# show ip bgp neighbors 80.80.1.2 advertised-routes
BGP routing table information for VRF default
Router identifier 202.202.1.1, local AS number 200
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast, q - Queued 
for advertisement
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop

          Network                Next Hop               Metric  LocPref Weight Path
* >       101.101.1.0/24         80.80.1.1              -       -       -      200 i
* >       102.102.1.0/24         80.80.1.1              -       -       -      200 i
* >       103.103.1.0/24         80.80.1.1              -       -       -      200 i
* >       202.202.1.0/24         80.80.1.1              -       -       -      200 i
switch#

The AS-Path of matching prefixes are replaced with an empty or a null AS-Path. AS 302 is removed from prefix 103.103.1.0/24 as shown in the above output.This command replaces the AS-Path with the auto option.
switch(config)# route-map foo permit 10
switch(config-route-map-foo)# set as-path match all replacement auto
switch(config-route-map-foo)# end
switch# show ip bgp neighbors 80.80.1.2 advertised-routes
BGP routing table information for VRF default
Router identifier 202.202.1.1, local AS number 200
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast, q - Queued 
for advertisement
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop

          Network                Next Hop               Metric  LocPref Weight Path
* >       101.101.1.0/24         80.80.1.1              -       -       -      200 200 i
* >       102.102.1.0/24         80.80.1.1              -       -       -      200 200 i
* >       103.103.1.0/24         80.80.1.1              -       -       -      200 200 i
* >       202.202.1.0/24         80.80.1.1              -       -       -      200 200 i
switch#

The AS-path of matching prefixes are replaced with the locally configured AS 200.

Modifying the Local AS Value

The switch can replace its local AS number with a configured value when sending OPEN messages to a specified neighbor, allowing the switch to appear as a member of a different AS to that peer. In the case of a static peer, the neighbor must also be configured to recognize the modified AS in order for peering to occur. The additional configuration is unnecessary in the case of dynamic peers.

To configure a different local AS value for the switch, use the neighbor local-as command. To configure the peer to expect the altered ASN from the switch, use the neighbor remote-as command on the peer.

Example

These commands configure the switch to replace its local ASN in OPEN messages sent to the peer at 10.13.64.1 with ASN 64500, and configure the peer to expect that ASN in messages received from the switch.

Switch Configuration

switch(config)# router bgp 64497
switch(config-router-bgp)# neighbor 10.13.64.1 local-as 64500 no-prepend
switch(config-router-bgp)#

Peer Configuration

peer(config)# router bgp 64502
peer(config-router-bgp)# neighbor 10.4.3.10 remote-as 64500
peer(config-router-bgp)#

AS-path Modifications for Split ASes

By default, BGP rejects routes that contain the local Autonomous System Number (ASN). Sometimes a single autonomous system is divided geographically or otherwise with one or more provider ASs in between. In these cases, a valid route can sometimes be dropped by a customer edge router because the local ASN appears in the AS-path of route advertisements that have traveled through one or more provider networks. To ensure that these routes are not dropped, the provider edge router can be configured to replace the customer AS with its own, or the customer edge router can be configured to ignore its local AS number in received routes.

Replacing Remote ASN in Outbound Route Announcements

To replace a remote ASN with the local ASN in BGP route announcements sent to a specified router, use the neighbor as-path remote-as replace out command.

Example

These commands configure the switch to substitute its local ASN for the ASN of the BGP neighbor at 192.168.2.15 in BGP routes advertised to that neighbor.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.2.15 as-path remote-as replace out
switch(config-router-bgp)#

Ignoring Local ASN in Incoming Route Announcements

To accept BGP routes that include the local ASN in their AS-path attribute, use the neighbor allowas-in command.

Example

These commands configure the switch to accept routes from the BGP neighbor at 192.168.1.30 which contain the switch’s ASN in their AS paths as many as 3 times.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.1.30 allowas-in
switch(config-router-bgp)#

Configuring Address Families

The switch determines the network prefixes that peering sessions advertise and the BGP neighbor addresses that receive advertisements through address family activity configuration.

An address family is a data structure that defines route advertising status to BGP neighbor addresses. Each BGP neighbor address is assigned an activity level for each address family on the switch. The switch sends capability and network prefix advertisements to neighbor addresses that are active within specified address families:
  • IPv4 address family: switch advertises IPv4 capability and network commands with IPv4 prefixes to neighbor addresses configured as IPv4 address family active.

  • IPv6 address family: switch advertises IPv6 capability and network commands with IPv6 prefixes to neighbor addresses configured as IPv6 address family active.

Neighbor Address Family Configuration

Address family activity levels for neighbor addresses are configured through bgp default and neighbor activate commands.

  • The bgp default command specifies the default activity level of BGP neighbor addresses for a specified address family.

  • The neighbor activate command specifies deviations from default address family activity level for a specified BGP neighbor address.

Default Neighbor Activation
The bgp default command configures the default address family activity level of all configured BGP neighbor addresses. The switch advertises the following to address family active addresses:
  • IPv4 address family active: IPv4 capability and all network advertisements with IPv4 prefixes.
  • IPv6 address family active: IPv6 capability and all network advertisements with IPv6 prefixes.
These commands configure default address family activity levels for configured BGP neighbor addresses:
  • bgp default ipv4-unicast: all BGP neighbor addresses are IPv4 address family active (this is the switch default).
  • no bgp default ipv4-unicast: no BGP neighbor addresses are IPv4 address family active.
  • bgp default ipv6-unicast: all BGP neighbor addresses are IPv6 address family active.
  • no bgp default ipv6-unicast: no BGP neighbor addresses are IPv6 address family active (this is the switch default).
  • bgp default ipv4-unicast transport ipv6: all BGP neighbor addresses are IPv4 address family active and IPv6 neighbors can receive IPv4 NLRIs.

    Note: If it is necessary to exchange IPv4 NLRIs over an IPv6 connection, the IPv4 address family must be activated on the IPv6 neighbor. To do this for all IPv6 neighbors, use the command bgp default. For an individual neighbor, use the neighbor activate command for the IPv6 neighbor in the IPv4 address-family configuration mode as described below.
Activating Individual Neighbor Addresses
The address-family command places the switch in address family mode to configure the address family activity level of individual BGP neighbor addresses. The switch supports these address families:
  • ipv4-unicast
  • ipv6-unicast

The running-config displays address family commands in sub-blocks of the BGP configuration. The neighbor activate command is available in each address family configuration mode and defines the configuration mode address family activity level of a specified configured BGP neighbor address. Addresses are assigned one of the following states by the activate command:
  • neighbor activate configures the address as active in the configuration mode address family.
  • no neighbor activate configures the address as not active in the configuration mode address family.

The switch sends the following announcements to addresses that are active in an address family:

  • IPv4 address family: IPv4 capability and all network routes with IPv4 prefixes.
  • IPv6 address family: IPv6 capability and all network routes with IPv6 prefixes.

The neighbor route-map (BGP) command applies a route map to inbound or outbound BGP routes. In address-family mode, the route map is applied to routes corresponding to the configuration-mode address family. When a route map is applied to outbound routes, the switch advertises only routes matching at least one section of the route map. One outbound and one inbound route map can be applied to a neighbor for each address family. Applying a route map to a route replaces the previous corresponding route map assignment.

Network Route Advertising in Address Families

The network (BGP) command specifies a network for advertisement through UPDATE packets to BGP peers. The command is available in Router-BGP and Router-BGP-Address-Family configuration modes; the mode in which the command is issued does not affect the command’s execution.

  • Commands with an IPv4 address are advertised to peers that are IPv4 address family-active.
  • Commands with an IPv6 address are advertised to peers that are IPv6 address family-active.

Examples
  • These commands instantiate BGP, configure three neighbors, and configure two network routes.

    The default activity level for IPv4 and IPv6 address families is set to the default; all neighbor addresses are IPv4 address family active and IPv6 address family not active. IPv4 capability and network routes with IPv4 prefixes are advertised to all neighbor IPv4 addresses.

    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 172.21.14.8 remote-as 15
    switch(config-router-bgp)# neighbor 172.23.18.6 remote-as 16
    switch(config-router-bgp)# neighbor 2001:0DB8:8c01::1 remote-as 16
    switch(config-router-bgp)# network 172.18.23.9/24
    switch(config-router-bgp)# network 2001:0DB8:de29::/64
    switch(config-router-bgp)#

  • These commands instantiate BGP on the switch, set IPv4 default activity level (not active), set IPv6 default activity level (active), and configure three neighbor addresses and two network route prefixes.

    IPv6 capability and network routes with IPv6 prefixes are advertised to all neighbor addresses.

    switch(config)# router bgp 10
    switch(config-router-bgp)# bgp default ipv6-unicast
    switch(config-router-bgp)# no bgp default ipv4-unicast
    switch(config-router-bgp)# neighbor 172.21.14.8 remote-as 15
    switch(config-router-bgp)# neighbor 172.23.18.6 remote-as 16
    switch(config-router-bgp)# neighbor 2001:0DB8:8c01::1 remote-as 16
    switch(config-router-bgp)# network 172.18.23.9/24
    switch(config-router-bgp)# network 2001:0DB8:de29::/64
    switch(config-router-bgp)#

  • These commands configure three neighbors, two network routes, and the default activity level for each address family (not active), and specify neighbor addresses for each address family that is active.
    switch(config)# router bgp 11
    switch(config-router-bgp)# neighbor 172.21.14.8 remote-as 15
    switch(config-router-bgp)# neighbor 172.23.18.6 remote-as 16
    switch(config-router-bgp)# neighbor 2001:0DB8:8c01::1 remote-as 16
    switch(config-router-bgp)# network 172.18.23.9/24
    switch(config-router-bgp)# network 2001:0DB8:de29::/64
    switch(config-router-bgp)# no bgp default ipv4-unicast
    switch(config-router-bgp)# no bgp default ipv6-unicast
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp-af)# neighbor 172.21.14.8 activate
    switch(config-router-bgp-af)# neighbor 172.23.18.6 activate
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)# address-family ipv6
    switch(config-router-bgp-af)# neighbor 2001:0DB8:8c01::1 activate
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)#

  • These commands permit IPv4 NLRI transport over all IPv6 connections by making the IPv4 address family active on IPv6 BGP neighbors.
    switch(config)# router bgp 11
    switch(config)# address-family ipv4
    switch(config-router-bgp-af)# bgp default ipv4-unicast transport ipv6
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)#

Configuring Best-path Selection

The best-path selection algorithm (described under Best-Path Selection) determines which of multiple paths to the same destination received by BGP will be added to the IP routing table. To shape route preferences and influence best-path selection, use the following commands in router-BGP configuration mode.
  • bgp always-compare-med configures the switch to always consider the Multi-Exit Discriminator (MED) value when comparing paths (disabled by default).

  • bgp bestpath as-path ignore configures the switch to ignore the length of the Autonomous System (AS) path when comparing routes (disabled by default).

  • bgp bestpath as-path multipath-relax used in Equal-Post Multi Path (ECMP configuration) and enabled by default; the no form of the command configures the switch to consider paths unequal if their AS paths have different contents.

  • bgp bestpath ecmp-fast the no form of this command causes the switch to ignore order of arrival in evaluating paths within an ECMP group.

  • bgp bestpath med confed causes comparison of Multi-Exit Discriminator (MED) values in routes originating within the same confederation as the switch and received from confederation peers (disabled by default).

  • bgp bestpath med missing-as-worst configures the switch to treat a missing MED as having the highest (least preferred) value (disabled by default). This command overrides the setting of the bgp bestpath med confed command.

  • bgp bestpath tie-break cluster-list-length configures the switch to prefer the multipath route with the shortest CLUSTER_LIST length in case of a tie in step 10 of the selection process (disabled by default).

  • bgp bestpath tie-break router-id configures the switch to prefer the multipath route with the lowest ROUTER_ID in case of a tie in step 10 (disabled by default).

Displaying Reasons for Best-path Selection

To see the reasons why certain routes were excluded by the best-path selection process, use the detail option of the show ip bgp command. Enter the prefix to which BGP has selected a best path, and the output will display all learned paths. Paths which were not selected as best will display the reason they were not selected after the label not best.

The reason will be listed as one of the following:
  • path weight
  • local preference
  • AS path length
  • origin
  • path MED
  • eBGP path preferred
  • IGP cost
  • AS path details
  • ECMP-Fast configured
  • router ID
  • originator ID
  • router ID tie-break configured
  • cluster list length
  • cluster list length tie-break configured
  • peer IP address
  • path ID
  • redistributed route exists
  • unknown
  • another route from the same AS is a better BGP route
  • peer not ready
  • unusable

Example

This command displays the reasons why three routes to 172.16.0.0/24 were rejected by the best-path algorithm. The reason for rejection is preceded by the label Not best:
switch# show ip bgp 172.16.0.0/24 detail
BGP routing table information for VRF default
Router identifier 192.168.100.18, local AS number 64524
Route status: [a.b.c.d] - Route is  queued for advertisement to peer.
BGP routing table entry for 204.1.47.220/30
 Paths: 4 available
  64512 64550 65100
    192.168.14.2 from 192.168.14.2 (192.168.100.21)
      Origin IGP, metric 0, localpref 100, weight 0, received 19:15:29 ago, valid, 
external, ECMP head, ECMP, best, ECMP contributor
      Rx SAFI: Unicast
  64512 64550 65100
    192.168.24.2 from 192.168.24.2 (192.168.100.22)
      Origin IGP, metric 0, localpref 100, weight 0, received 19:15:29 ago, valid, 
external, ECMP, ECMP contributor
      Rx SAFI: Unicast
      Not best: ECMP-Fast configured
  64512 64550 65100
    192.168.34.2 from 192.168.34.2 (192.168.100.23)
      Origin IGP, metric 0, localpref 100, weight 0, received 19:15:29 ago, valid, 
external, ECMP, ECMP contributor
      Rx SAFI: Unicast
      Not best: Redistributed route exists
  64512 64550 65100
    192.168.44.2 from 192.168.44.2 (192.168.100.24)
      Origin IGP, metric 0, localpref 100, weight 0, received 19:15:29 ago, valid, 
external, ECMP, ECMP contributor
      Rx SAFI: Unicast
      Not best: eBGP path preferred
Not advertised to any peer
switch#

Configuring BGP Convergence

To avoid hardware updates and route advertisement churn during switch reload or BGP instance start, BGP enters into the convergence state where it waits for all peers to join and receive all routes from all the peers.

BGP Convergence is bound by an upper value of convergence time (default value is 5 minutes) and BGP declares convergence on expiry of convergence timer. At the end of convergence, BGP updates the routes in FIB and advertises to all the peers.

To configure BGP convergence and the different timeout features, use the following commands in router-BGP configuration mode.

Different Cases for Convergence with Default Timeout Configuration

  • Convergence Time < 90 seconds after the first peer has joined: this is the best case when all the configured peers have joined and EORs have been received from all peers in less than 90 seconds after the first peer has joined.

  • Convergence Time = 90 seconds after the first peer has joined: this is the case when one or more BGP peers have joined within 90 seconds and EORs have been received from all peers within 90 seconds, but there are still some configured peers which have not joined yet. In this case, the convergence is declared after slow-peer timeout is reached.

  • Convergence Time > 90 seconds after the first peer has joined: this is the case when one or more BGP peers have joined after 90 seconds, but EORs have not been received from all peers. As soon as EORs are received from all peers which have joined during the first 90 seconds, the convergence is declared.

  • Convergence Time = 300 seconds after the first peer has joined: this is the case when EOR is not received till 300 seconds from some of the peers that have joined during 90 seconds after the first peer has joined.

Displaying BGP Convergence Status

Use the show bgp convergence command to view information about the BGP convergence status, and to know if the convergence timer has started or not. The examples below show the command output at different points in the convergence process.

No Peers Have Joined
This is the output when no peers have joined before convergence.
switch(config-router-bgp)# show bgp convergence
BGP Convergence information for VRF: default
Configured convergence timeout: 00:02:30
Configured convergence slow peer timeout: 00:00:55
Convergence based update synchronization is enabled
Last Bgp convergence event : None
Bgp convergence state : Not Initiated (Waiting for the first peer to join)
 Convergence timer is not running
 Convergence timeout in use: 00:02:30
 Convergence slow peer timeout in use: 00:00:55
 First peer is not up yet
 All the expected peers are up: no
 All IGP protocols have converged: yes
 Outstanding EORs: 0, Outstanding Keepalives: 0
 Pending Peers: 2
 Total Peers: 2
 Established Peers: 0
 Disabled Peers: 0
 Peers that have not converged yet:
 IPv4 peers:
 201.1.1.1 (Session : Connect)
 202.1.1.1 (Session : Connect)
 IPv6 peers:
 None
switch(config-router-bgp)#

First Peer Has Joined
This is the output when the first peer has joined before convergence.
switch# show bgp convergence
BGP Convergence information for VRF: default
Configured convergence timeout: 00:02:30
Configured convergence slow peer timeout: 00:00:55
Convergence based update synchronization is enabled
Last Bgp convergence event 00:00:40 ago
Bgp convergence state : Pending (Waiting for EORs/Keepalives from peer(s) and IGP 
convergence)
 Convergence timer running, will expire in 00:01:50
 Convergence timeout in use: 00:02:30
 Convergence slow peer timeout in use: 00:00:55
 First peer came up 00:00:13 ago
 All the expected peers are up: no
 All IGP protocols have converged: yes
 Outstanding EORs: 0, Outstanding Keepalives: 0
 Pending Peers: 1
 Total Peers: 2
 Established Peers: 1
 Disabled Peers: 0
 Peers that have not converged yet:
 IPv4 peers:
 201.1.1.1 (Session : Active)
 IPv6 peers:
 None
switch#

Convergence Timeout Reached
This is the output when the convergence timeout value is reached.
switch(config-router-bgp)# show bgp convergence
BGP Convergence information for VRF: default
Configured convergence timeout: 00:02:30
Configured convergence slow peer timeout: 00:00:55
Convergence based update synchronization is enabled
Last Bgp convergence event 00:02:44 ago
Bgp convergence state : Timeout reached
 Time taken to converge 00:02:30
 Pending Peers: 1
 Total Peers: 2
 Established Peers: 1
 Disabled Peers: 0
 Peers that did not converge before local bgp convergence:
 IPv4 peers:
 201.1.1.1 (Session : Active)
 202.1.1.1 (Session : Established)
 IPv6 peers:
 None
switch(config-router-bgp)#

Converged State
This is the output during the converged state.
switch(config-router-bgp)# show bgp convergence
BGP Convergence information for VRF: default
Configured convergence timeout: 00:05:00
Configured convergence slow peer timeout: 00:01:30
Convergence based update synchronization is enabled
Last Bgp convergence event 00:00:05 ago
Bgp convergence state : Converged
 Time taken to converge 00:00:02
 First peer came up 00:00:05 ago
 Pending Peers: 0
 Total Peers: 3
 Established Peers: 3
 Disabled Peers: 0
 Peers that did not converge before local bgp convergence:
 IPv4 peers:
 None
 IPv6 peers:
 None
switch(config-router-bgp)#

Configuring BGP Graceful Shutdown Community

Creating a Route-Map Entry That Sets the Community for Graceful Shutdown

The set community (route-map) command specifies community attribute modifications to BGP routes.

Example
switch(config)# route-map map1
switch(config-route-map-map1)# set community GSHUT
switch(config)# exit
switch(config)#

Creating a Route-Map Entry with Matching Preferences on Graceful Shutdown Community

The ip community-list command creates and configures a BGP access list that is based on BGP communities.

The match (route-map) command creates a route map clause entry that specifies one route filtering condition.

Example
switch(config)# ip community-list gshut_list permit GSHUT
switch(config)# route-map map1
switch(config-route-map-map1)# match community gshut_list
switch(config-route-map-map1)# exit
switch(config)#

Validating the Route-Map

The show route-map command displays the contents of the specified route maps.

Example
switch# show route-map map1
route-map map1 permit 10
Description:
Match clauses:
Set clauses:
set community GSHUT
switch#

Configuring BGP Additional Paths Send

The bgp additional-paths send mode/application command is used in the BGP configuration mode to enable BGP additional paths.

The following examples show how to configure Add-Path TX at global, address family (AF) and neighbor for both default VRF and non-default VRF.

Add-Path TX at Global Level (AF and NeighborIndependent) for Default VRF

These commands configure all peers under the default VRF to be Add-Path capable at global level with different options for BGP router 65003.
switch(config)# router bgp 65003
switch(config-router-bgp)# bgp additional-paths send any

switch(config)# router bgp 65003
switch(config-router-bgp)# bgp additional-paths send limit 2
 
switch(config)# router bgp 65003
switch(config-router-bgp)# bgp additional-paths send ecmp
 
switch(config)# router bgp 65003
switch(config-router-bgp)# bgp additional-paths send ecmp limit 2
 
switch(config)# router bgp 65003
switch(config-router-bgp)# bgp additional-paths send backup

Add-Path TX at Address-Family Level (neighbor independent) for Default VRF

These configure all peers under the default VRF to be Add-Path capable when exchanging IPv4 NLRI, under address-family ipv4 for BGP router 65003.
switch(config)# router bgp 65003
switch(config-router-bgp)# address-family ipv4
switch(config-router-bgp-af)# bgp additional-paths send any
 
switch(config)# router bgp 65003
switch(config-router-bgp)# address-family ipv4
switch(config-router-bgp-af)# bgp additional-paths send limit 3
 
switch(config)# router bgp 65003
switch(config-router-bgp)# address-family ipv4
switch(config-router-bgp-af)# bgp additional-paths send ecmp
 
switch(config)# router bgp 65003
switch(config-router-bgp)# address-family ipv4
switch(config-router-bgp-af)# bgp additional-paths send ecmp limit 3
 
switch(config)# router bgp 65003
switch(config-router-bgp)# address-family ipv4
switch(config-router-bgp-af)# bgp additional-paths send backup

Add-Path TX at Neighbor Level for Default VRF

These configure a specific peer under the default VRF to be Add-Path capable for BGP router 65003 and neighbor 90.0.0.1.
switch(config)# router bgp 65003
switch(config-router-bgp)# neighbor 90.0.0.1 additional-paths send any
 
switch(config)# router bgp 65003
switch(config-router-bgp)# neighbor 90.0.0.1 additional-paths send limit 
 
switch(config)# router bgp 65003
switch(config-router-bgp)# neighbor 90.0.0.1 additional-paths send ecmp
 
switch(config)# router bgp 65003
switch(config-router-bgp)# neighbor 90.0.0.1 additional-paths send ecmp limit 4
 
switch(config)# router bgp 65003
switch(config-router-bgp)# neighbor 90.0.0.1 additional-paths send backup

Add-Path TX at Global Level (AF and Neighbor Independent) for Non-default VRF

These commands configure Add-Path TX at global level (AF and neighbor independent) for non-default VRF for BGP router 65003 and Acme VRF.
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# bgp additional-paths send any
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# bgp additional-paths send limit 5
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# bgp additional-paths send ecmp
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# bgp additional-paths send ecmp limit 5
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# bgp additional-paths send backup

Add-Path TX at Address-Family Level (neighbor Independent) for Non-default VRF

These configure all peers under the non-default VRF to be Add-Path capable under address-family ipv4 for BGP router 65003 and Acme VRF.
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# address-family ipv4
switch(config-router-bgp-vrf-Acme-af)# bgp additional-paths send any
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# address-family ipv4
switch(config-router-bgp-vrf-Acme-af)# bgp additional-paths send limit 6
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# address-family ipv4
switch(config-router-bgp-vrf-Acme-af)# bgp additional-paths send ecmp
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# address-family ipv4
switch(config-router-bgp-vrf-Acme-af)# bgp additional-paths send ecmp limit 6
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# address-family ipv4
switch(config-router-bgp-vrf-Acme-af)# bgp additional-paths send backup

Add-Path TX at Neighbor Level (AF Independent) for Non-default VRF

These configure a specific peer under the non-default VRF to be Add-Path capable for BGP router 65003, neighbor 90.0.0.1 and Acme VRF.
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# neighbor 90.0.0.1 additional-paths send any
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# neighbor 90.0.0.1 additional-paths send limit 7
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# neighbor 90.0.0.1 additional-paths send ecmp
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# neighbor 90.0.0.1 additional-paths send ecmp limit 7
 
switch(config)# router bgp 65003
switch(config-router-bgp)# vrf Acme
switch(config-router-bgp-vrf-Acme)# neighbor 90.0.0.1 additional-paths send backup

Configuring BGP Selective Route Download

The bgp route install-map command is used in the BGP configuration mode to enable BGP Selective Route Download. BGP Selective Route Download can also be configured in an address family or VRF instance as shown in the following examples.

The following examples show how to configure a prefix list and route map, then apply BGP Selective Route Download to the map.

Examples
  • These commands install BGP routes in the 10.0.0.0/24 and 20.0.0.0/24 ranges in the RIB (and thus in the hardware), but no other BGP routes.
    switch(config)# ip prefix-list PFXL_ALLOW
    switch(config-ip-pfx)# seq 1 permit 10.0.0.0/24 ge 24 le 32
    switch(config-ip-pfx)# seq 2 permit 20.0.0.0/24 ge 24 le 32
    switch(config-ip-pfx)# exit
    switch(config-ip-pfx)#

  • These commands configure the permit and deny rules for BGP routes.
    switch(config)# route-map BGP_INSTALL_MAP permit 10
    switch(config-route-map-BGP_INSTALL_MAP)# match ip address prefix-list PFXL_ALLOW
    switch(config-route-map-BGP_INSTALL_MAP)# exit
    switch(config)# route-map BGP_INSTALL_MAP deny 20
    switch(config)#

  • These commands configure Selective Route Download for the map BGP_INSTALL_MAP.
    switch(config)# router bgp 100 
    switch(config-router-bgp)# bgp route install-map BGP_INSTALL_MAP
    switch(config-router-bgp)#

The following examples show how to configure prefix lists individually for the IPv4 and IPv6 address families, then apply BGP Selective Route Download for these address families.

Examples
  • These commands configure the IPv4 address family prefix list.
    switch(config)# ip prefix-list V4_ALLOW
    switch(config-ip-pfx)# route-map BGP_V4_MAP permit 10
    switch(config-route-map-BGP_V4_MAP)# match ip address prefix-list V4_ALLOW
    switch(config-route-map-BGP_V4_MAP)# route-map BGP_V4_MAP deny 20
    switch(config-route-map-BGP_V4_MAP)# exit
    switch(config-route-map-BGP_V4_MAP)#

  • These commands configure the IPv6 address family prefix list.
    switch(config)# ipv6 prefix-list V6_ALLOW
    switch(config-ipv6-pfx)# route-map BGP_V6_MAP permit 10
    switch(config-route-map-BGP_V6_MAP)# match ipv6 address prefix-list V6_ALLOW
    switch(config-route-map-BGP_V6_MAP)# route-map BGP_V6_MAP deny 20
    switch(config-route-map-BGP_V6_MAP)# exit
    switch(config-route-map-BGP_V6_MAP)#

  • These commands configure Selective Route Download individually for the two address families.
    switch(config)# router bgp 200
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp-af)# bgp route install-map BGP_V4_MAP
    switch(config-router-bgp-af)# exit
    switch(config-router-bgp)# address-family ipv6
    switch(config-router-bgp-af)# bgp route install-map BGP_V6_MAP
    switch(config-router-bgp-af)#

Displaying BGP Selective Route Download Information

The show ip bgp command displays BGP RIB winning paths that are not installed in the RIB.

Example

The following command displays BGP routing table information for VRF default, showing winning paths that are not installed in the RIB.
switch# show ip bgp
BGP routing table information for VRF default  
Router identifier 1.0.0.2, local AS number 100  
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP  
                    S - Stale, c - Contributing to ECMP, b - backup  
Origin codes: i - IGP, e - EGP, ? - incomplete  
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop  
  
       Network             Next Hop         Metric  LocPref Weight Path  
 * >   6.0.0.0/24          1.0.0.1          0       100     0       ?   
 * #   7.0.0.0/24          1.0.0.1          0       100     0       ?   
switch#

The show ip bgp command with a specified prefix displays detailed information and the reason for the BGP RIB winning paths to that prefix not being installed in the RIB.

Example

The following command displays detailed information for the BGP routing table for VRF default.
switch# show ip bgp 7.0.0.0/24
BGP routing table information for VRF default  
Router identifier 1.0.0.2, local AS number 100  
BGP routing table entry for 7.0.0.0/24  
 Paths: 1 available  
  Local  
    1.0.0.1 from 1.0.0.1 (1.0.0.1)  
      Origin INCOMPLETE, metric 0, localpref 100, weight 0, valid, internal, not 
installed (denied by install-map) 
switch#

The show ip bgp installed command displays the list of installed routes in the BGP RIB.

Example

The following command displays the list of installed routes in BGP routing table for VRF defaults.
switch# show ip bgp installed   
BGP routing table information for VRF default  
Router identifier 1.0.0.2, local AS number 100  
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP  
                    S - Stale, c - Contributing to ECMP, b - backup  
Origin codes: i - IGP, e - EGP, ? - incomplete  
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop  
  
        Network             Next Hop         Metric  LocPref Weight Path  
 * >    6.0.0.0/24          1.0.0.1          0       100     0      ?    
switch#

The show ip bgp not-installed displays the list of non-installed routes in the RIB.

Example

The following command displays the list of non-installed routes in the BGP routing table for VRF default.
switch# show ip bgp not-installed 
BGP routing table information for VRF default  
Router identifier 1.0.0.2, local AS number 100  
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP  
                    S - Stale, c - Contributing to ECMP, b - backup  
Origin codes: i - IGP, e - EGP, ? - incomplete  
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop  
  
        Network             Next Hop         Metric  LocPref Weight Path  
 * #    7.0.0.0/24          1.0.0.1          0       100     0      ?    
switch#

Configuring BGP Attributes Ignore Received Lists

Configure BGP Attributes Ignore Received Lists using the router bgp command to enter the Router-BGP Configuration Mode. When adding the BGP attributes to the ignore list, EOS displays a warning message that in order to discard the BGP attributes from the existing BGP sessions, BGP must relearn the routes.

Adding BGP Attribute Ignore Received Lists

To add the feature to the default BGP configuration, use the following commands:
switch(config)#router bgp
switch(config-router-bgp)#neighbor default received attribute discard bgp_attributes
! To make this command effective for existing BGP sessions, clear all routes by issuing "clear ip bgp"

Adding BGP Attributes Ignore Received Lists to BGP Neighbors or Peers

To add the feature to a neighbor or peer group, use the following commands:
switch(config)#router bgp
switch(config-router-bgp)#neighbor ip_address peer_group received attribute discard bgp_attributes
! To make this command effective for existing BGP sessions, clear all routes by issuing "clear ip bgp"

Adding BGP Attributes Ignore Received Lists to a VRF

Configure BGP Attributes Ignore Received Lists on a VRF with the VRF configuration taking precedence over the global configuration.

For the global configuration, use the following commands:

switch(config)#router bgp
switch(config-router-bgp)#neighbor default received attribute discard 4-255

Use the following commands to configure a BGP Attribute Ignore Received List on VRF1 to ignore attributes 50 and 255 :

switch(config)#router bgp
switch(config-router-bgp)#vrf VRF1
switch(config-router-bgp-vrf-VRF1)#neighbor default received attribute discard 50,255
! To make this command effective for existing BGP sessions, clear all routes by issuing "clear ip bgp"

VRF1 discards only BGP attributes 50 and 255 and overrides the default configuration.

Use the following command to display the configuration:

router(config-router-bgp)#show active                                                                                                                                 
router bgp 1                                                                                                                                                   
  router-id 0.0.0.1                                                                                                                                           
  neighbor default received attribute discard 4-255                                                                                                                                                        
  vrf vrf1                                                                                                                                                 
     router-id 0.0.0.2                                                                                                                                        
     neighbor default received attribute discard 50,255

The output displays the default configuration discarding BGP attributes 4 through 255 and VRF1 discards only BGP attributes 50 and 255.

Disabling BGP Attributes Ignore Received Lists on a VRF

Configure BGP Attributes Ignore Received on a VRF by VRF basis using the following commands to enable the feature by default and then disabling it on a specific VRF, VRF1.

router(config-router-bgp)#neighbor default received attribute discard 4-255
! To make this command effective for existing BGP sessions, clear all the routes by issuing "clear ip bgp *"
router(config-router-bgp-vrf-vrf1)#neighbor default received attribute discard disabled
! To make this command effective for existing BGP sessions, clear all the routes by issuing "clear ip bgp *"

Use the following command to display the configuration:

router(config-router-bgp)#show active                                                                                                                                 
router bgp 1                                                                                                                                                   
  router-id 0.0.0.1                                                                                                                                           
  neighbor default received attribute discard 4-255                                                                                                                                                        
  vrf vrf1                                                                                                                                                 
     router-id 0.0.0.2                                                                                                                                        
     neighbor default received attribute discard disabled

The output displays the default configuration discarding BGP attributes 4 through 255, while VRF1 does not discard any BGP attributes.

Configuring Nexthop Resolution

The configuration model for this feature involves configuring and applying Nexthop Resolution RIB Profiles on a per-address family basis. There are two ways a profile can be applied: (1) across an entire address-family, or (2) a granular, route-map based mechanism for specific routes within an address family. The per-address-family configuration is the simplest. It enables specification of a unique profile for all the routes in a given address family, such as IPV4 unicast, or EVPN. In contrast, the route-map approach leverages the matching criteria of route-map statements to apply profiles to individual routes within an address family.

Note: Note the support for each configuration and submode were released in a phased manner.

The general configuration model for the CLI is a new command under the BGP address-family submode:
switch(config-router-bgp-af)# next-hop resolution ribs(PROFILE|[route-map NAME])

The PROFILE option is a list of up to three (3) resolution domains. The NAME option is the name of a route-map. Notice the PROFILE and route-map NAME options are mutually exclusive. That is, a resolution profile can be specified either explicitly at the address family level, or on a per-route basis via a route-map.

To enable setting a profile using a route-map, this feature adds support for a new set statement in the route-map submode:
switch(config-route-map-NAME)# set next-hop resolution ribs PROFILE

You ban combine this statement with existing match statements to select profiles based on the BGP path attributes of a route, or other properties.

As mentioned, the profile itself is a list of resolution domains:
PROFILE:=DOMAIN[DOMAIN[DOMAIN]]

Example configuration for EVPN MPLS, EVPN VXLAN and BGP Labeled-unicast:
switch(config)# router bgp id
switch(config-router-bgp)# address-family evpn
switch(config-router-bgp-af)# next-hop mpls resolution ribs PRIMARY-RIB [FALLBACK-RIB]
switch(config-router-bgp-af)# next-hop VXLAN resolution ribs IP-RIB
        ...
    address-family ipv4 labeled-unicast
      next-hop mpls resolution ribs PRIMARY-RIB [FALLBACK-RIB]
    address-family ipv6 labeled-unicast
      next-hop mpls resolution ribs PRIMARY-RIB [FALLBACK-RIB]

The PRIMARY-RIB and FALLBACK-RIB refers to either tunnel domain or IP RIB domain. EVPN VXLAN only supports IP-RIB domain.

Configure the tunnel domain as:
  • tunnel-rib <tunnel-rib-name> where the <tunnel-rib-name> refers to either the system-tunnel-rib or the user defined tunnel rib.

The IP domain can be either:
  • system-unicast-rib
  • system-connected

The system-unicast-rib refers to complete IP RIB and the system-connected refers to just the connected routes.

Primary and secondary RIBs cannot come from the same domain (for example, both cannot be from the tunnel domain and both cannot be from the IP RIB domain). The FALLBACK-RIB is optional.

Nexthops will first attempt to resolve, using the primary rib. If the resolution fails, it attempts to resolve using the fallback rib (if that exists).

Example
router bgp <id>
   address-family ipv4 labeled-unicast
      next-hop resolution ribs tunnel-rib USER_TR system-unicast-rib

All the nexthops of the IPV4 labeled-unicast routes will first attempt to resolve, using the tunnel rib USER_TR. If the resolution fails, the nexhops attempt to resolve using the complete unicast IP RIB.

Each DOMAIN can be either a system or user-defined tunnel RIB or a unicast RIB. The available resolution domains, and their corresponding tokens, are tabulated below:
Table 1.Domains
DomainTokenDescription
IP RIBsystem-unicast-ribThe complete IP unicast RIB is available for next-hop resolution.
Connected routes (IP)system-connectedOnly connected routes are available for next-hop resolution.
System tunnel RIBtunnel-rib system-tunnel-ribAll winning tunnels from all protocols are available for next-hop resolution.
System colored tunnel RIBtunnel-rib colored system-colored-tunnel-ribAll winning, colored tunnels from all protocols are available for next-hop resolution. Only routes with an associated color can be resolved by the system colored tunnel RIB.
User-defined tunnel RIBtunnel-rib NAMEAll contributing tunnels to the tunnel RIB called NAME are available for next-hop resolution.
IP RIB of VPN Import VRFvrf-unicast-ribThis token is limited to BGP L3VPNs.

Now the profile configuration is available under select BGP address family submodes. For example:
switch(config)# router bgp num
switch(config-router-bgp)# address-family evpn
switch(config-router-bgp-af)# next-hop mpls resolution ribs PROFILE
      next-hop VXLAN resolution ribs PROFILE
   address-family ipv4
      next-hop resolution ribs ( PROFILE | route-map NAME )
   address-family ipv4 labeled-unicast
      next-hop resolution ribs PROFILE
   address-family ipv6
      next-hop resolution ribs ( PROFILE | route-map NAME )
      next-hop 6pe resolution ribs PROFILE
   address-family ipv6 labeled-unicast
      next-hop resolution ribs PROFILE
   address-family vpn-ipv4
      next-hop resolution ribs PROFILE
   address-family vpn-ipv6
      next-hop resolution ribs PROFILE

Note that a given address-family may restrict the possible profiles which can be configured, and may not support specifying a route-map. For example, the resolution profile for 6PE routes, configured via next-hop 6pe resolution ribs PROFILE, is constrained to only the tunnel domain. That is, the profile cannot specify either system-unicast-rib or system-connected. This is, of course, because it is meaningless to resolve a 6PE next-hop using either of those resolution domains.

Release Matrices

The following tables detail the release in which the possible configurations for this feature are available.
ConfigurationRelease
next-hop resolution ribs PROFILE command
4.22.0F4.22.1F4.23.1F4.24.1F4.25.1FUnsupported / Not Applicable
IPv4/IPv6 unicast (non 6PE)X
IPv6 unicast 6PEX
IPv4/IPv6 VPN (vrf-unicast-rib)X
IPv4/IPv6 VPN (full profile)X
EVPN (MPLS)X
EVPN (VXLAN)X
IPv4/IPv6 LUX
IPv4/IPv6 MulticastX
IPv4/IPv6 SR TEX
FlowspecX
Path SelectionX
Link StateX
RT MembershipX
PROFILE configuration
Up to 2 resolution domainsX
Up to 3 resolution domainsX
system-colored-tunnel-ribX
next-hop resolution ribs route-map NAME command
IPv4/IPv6 unicast (non 6PE)X
IPv6 unicast 6PEX
IPv4/IPv6 VPNX
EVPN (MPLS)X
EVPN (VXLAN)X
IPv4/IPv6 LUX
IPv4/IPv6 MulticastX
IPv4/IPv6 SR TEX
FlowspecX
Path SelectionX
Link StateX
RT MembershipX
Route-map submode
match ip[v6] next-hopX
match ip[v6] address prefix-listX
match communityX
match extcommunityX
match large-communityX
All other match statementsX
All other set statementsX
sub-route-mapX

Default Resolution Profiles

Given the aforementioned configuration model, the default resolution profiles in EOS for each address-family can be expressed by the following:
Address-familyDefault profile
IPv4/IPv6 unicast (non 6PE)tunnel-rib colored system-colored-tunnel-rib tunnel-ribsystem-tunnel-rib system-unicast-rib
IPv6 unicast 6PEtunnel-rib colored system-colored-tunnel-rib tunnel-ribsystem-tunnel-rib
IPv4/IPv6 unicast (eBGP directly connected)system-connected
IPv4/IPv6 VPNtunnel-rib colored system-colored-tunnel-rib tunnel-ribsystem-tunnel-rib system-connected
IPv4/IPv6 LUtunnel-rib colored system-colored-tunnel-rib tunnel-ribsystem-tunnel-rib system-connected
EVPN (MPLS)tunnel-rib colored system-colored-tunnel-rib tunnel-ribsystem-tunnel-rib system-connected
EVPN (VXLAN)system-unicast-rib
IPv4/IPv6 MulticastThis is not supported. Multicast next-hops are first resolved in the MRIB. Failure to resolve in the MRIB results in a lookup in the unicast RIB.
FlowspecThese next hops are not resolved.

Note: Support for the system-colored-tunnel-rib was released in EOS Release 4.24.1F. For earlier releases, the defaults can be determined by omitting this resolution domain.

Semantics

When processing the next-hop of a route, the next-hop resolver attempts resolution by using the first domain in the route’s resolution profile. If the resolution domain successfully resolves the next-hop, the resolver stops. If resolution fails, however, the resolver moves onto the next domain, if it exists, and tries again. This iterative process continues until the next-hop is either resolved, or the profile is exhausted. In the latter case, the next-hop is left unresolved.

To illustrate this, consider the following example. This resolution profile constrains the resolution of a BGP route to only the IP unicast RIB:
switch(config-router-bgp-af)# next-hop resolution ribs system-unicast-rib

When a next-hop is unresolvable in the IP unicast RIB, and there are no further resolution domains to try, then the next-hop is ultimately unresolved. In contrast, the following profile first attempts resolution in the system colored tunnel RIB, then the system tunnel RIB, and finally attempts resolution using connected routes:
switch(config-router-bgp-af)# next-hop resolution ribs tunnel-rib colored system-colored-tunnel-rib tunnel-rib system-tunnel-rib system-connected

Therefore, only when a next-hop cannot be resolved by any of those domains will it be ultimately unresolved.

Route Map Semantics

This section describes semantics and limitations specific to the next-hop resolution ribs route-map NAME command.

The use of a route-map to select a custom resolution profile allows for per-route granularity rather than an entire BGP address-family. The next-hop resolution semantics of a next-hop whose profile is set using a route-map are the same as the per-address family configuration. However, unlike in the per-address family configuration model, a route-map makes it possible to leave the resolution profile for a next-hop unspecified. A next-hop for which the resolution profile is unspecified is left unresolved. The following example illustrates this as well as the recommended configuration.

The profile below constrains the resolution of a subset of IPV4 unicast routes to only the system tunnel RIB:
ip prefix-list SUBSET 192.0.2.1/32 192.0.2.2/32 192.0.2.3/32

route-map TUNNEL_ONLY permit 10
   match ip next-hop prefix-list SUBSET
   set next-hop resolution ribs tunnel-rib system-tunnel-rib

router bgp 64512
   address-family ipv4
      next-hop resolution ribs route-map TUNNEL_ONLY

Note, however, that the TUNNEL_ONLY route-map applies to all IPV4 unicast routes. Further, note that only routes whose next-hop value matches SUBSET will have a resolution profile set. All other IPV4 unicast routes will have no resolution profile. Any route without a resolution profile is left unresolved. This is often not intentional.

A more common use case is to allow the route’s which do not match a given sequence to fallback to the system default resolution behavior. This can be achieved by adding a second sequence to the route-map with no match statements (matches all routes), and a single set statement which sets the default profile (see the Default Resolution Profiles section) for the given address family.

Example
ip prefix-list SUBSET 192.0.2.1/32 192.0.2.2/32 192.0.2.3/32

route-map TUNNEL_ONLY permit 10
   match ip next-hop prefix-list SUBSET
   set next-hop resolution ribs tunnel-rib system-tunnel-rib
route-map TUNNEL_ONLY permit 20
   set next-hop resolution ribs tunnel-rib colored system-colored-tunnel-rib tunnel-rib system-tunnel-rib system-unicast-rib

router bgp 64512
   address-family ipv4
      next-hop resolution ribs route-map TUNNEL_ONLY

This feature provides an explicit token to automatically fallback to the default resolution profile of whichever address family the route-map is applied:
ip prefix-list SUBSET 192.0.2.1/32 192.0.2.2/32 192.0.2.3/32

route-map TUNNEL_ONLY permit 10
   match ip next-hop prefix-list SUBSET
   set next-hop resolution ribs tunnel-rib system-tunnel-rib
route-map TUNNEL_ONLY permit 20
   set next-hop resolution ribs system-default

router bgp 64512
   address-family ipv4
      next-hop resolution ribs route-map TUNNEL_ONLY

BGP L3VPNs: Next-hop Resolution ribs vrf-unicast-rib

This subfeature affects both the profile used to resolve BGP VPN routes as well as the VRF in which the route resolution takes place. With this feature disabled, or prior to EOS Release 4.22.0F, imported VPN routes and is subject to the following restriction:

For each VPN route received from a neighbor, the route is imported (based on route-targets) and installed into the target VRF (import-vrf), only if the nexthop of the route is resolvable via an MPLS tunnel in the default VRF.

With this feature enabled, the above restriction is lifted, enabling a VPN route to be imported into the target VRF unconditionally. The plain IP unicast route is subsequently resolved using the unicast RIB of the target VRF.

Note: With this feature enabled, no attempt is made to resolve the VPN route over an MPLS tunnel (even if one exists) in the default VRF. Therefore, the VPN routes received from a neighbor remains inactive in the default VRF.

To enable this feature, use the domain token vrf-unicast-rib under the IPV4 / IPV6 address family submodes:
switch(config-router-bgp-af)# next-hop resolution ribs vrf-unicast-rib

Examples
To enable the vrf-unicast-rib feature:
router bgp 64512
   address-family vpn-ipv4
      next-hop resolution ribs vrf-unicast-rib

The following IPV4 VPN route has been received from a neighbor:
switch(config)# show bgp vpn-ipv4
BGP routing table information for VRF default
Router identifier 0.0.0.1, local AS number 300
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
         Network             Next Hop         Metric  LocPref Weight Path
         RD: 11.0.1.1:0 IPv4 prefix 50.1.1.0/24
                             42.42.42.42      -       1       0      100 200 i

The route is inactive in the default VRF.

Also, there is a VRF, CUST-1, where the VPN route (based on the route-targets) is imported. In the CUST-1 VRF, the nexthop of the route is resolved via a static route to 42.42.42.42. With this feature enabled, the VPN route is imported and installed in the VRF CUST-1:
switch(config)# show ip bgp vrf CUST-1
BGP routing table information for VRF CUST-1
Router identifier 11.0.0.1, local AS number 300
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
         Network             Next Hop         Metric  LocPref Weight Path
      * >      50.1.1.0/24         42.42.42.42      -       1       0      100 200 i

To confirm the route is installed in the VRF CUST-1, use the show ip route command:
switch(config)# show ip route vrf CUST-1
VRF: CUST-1
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route
 S      42.42.42.42/32 is directly connected, Null0
 B I    50.1.1.0/24 is directly connected, Null0

The resolution profile used to resolve the next-hop can be seen using the show rib next-hop command. Note how the profile includes (only) the system-unicast-rib for CUST-1.
switch(config)# show rib next-hop ip vrf CUST-1 bgp detail
VRF: CUST-1, Protocol: bgp
Codes: * - Unresolved Next hop
       L - Part of a recursive route resolution loop
       A - Next hop not resolved in ARP/ND
11.0.1.1 [1 pref/0 metric] [ID: 18] type ipv4
   Resolution RIBs: system-unicast-rib
   via Null0, directly connected [ID 3]

Viewing the BGP Nexthop Resolution Status

The following existing show commands which have been enhanced for this feature:
  • show route-msp NAME
  • show bgp instance [vrf NAME]
  • show rib next-hop {ip | ipv6}[PROTCOL] detail

show route-map NAME
Use the show route-map NAME command to display the new set statement:
switch(config)# show route-map
route-map foo permit 10
  Description:
  Match clauses:
  SubRouteMap:
  Set clauses:
    set next-hop resolution ribs tunnel-rib system-tunnel-rib
route-map foo permit 20
  Description:
  Match clauses:
  SubRouteMap:
  Set clauses:
    set next-hop resolution ribs tunnel-rib colored system-colored-tunnel-rib tunnel-rib system-tunnel-rib system-unicast-rib

switch(config)#show route-map | json
{
   "routeMaps": {
      "foo": {
         "entries": {
            "20": {
               "setRules": {
                  "resolutionRibProfileConfig": {
                     "resolutionMethods": [
                        {
                           "ribType": "tunnel",
                           "colored": true,
                           "name": "system-colored-tunnel-rib"
                        },
                        {
                           "ribType": "tunnel",
                           "name": "system-tunnel-rib"
                        },
                        {
                           "ribType": "ip",
                           "name": "system-unicast-rib"
                        }
                     ]
                  }
               },
               "subRouteMap": {
                  "name": "",
                  "invert": false
               },
               "filterType": "permit",
               "matchRules": {},
               "description": []
            },
            "10": {
               "setRules": {
                  "resolutionRibProfileConfig": {
                     "resolutionMethods": [
                        {
                           "ribType": "tunnel",
                           "name": "system-tunnel-rib"
                        }
                     ]
                  }
               },
               "subRouteMap": {
                  "name": "",
                  "invert": false
               },
               "filterType": "permit",
               "matchRules": {
               },
               "description": []
            }
         }
      }
   }
},

show bgp instance [vrf NAME]

Use the show bgp instance command to inspect the configured profiles and route-maps for each address family. The diplay output has been extended to show the resolution ribs as seen below, done so in order to display the resolution ribs used for EVPN and BGP Labeled-unicast address families. The output displays the resolution rib profile configuration for the respective address families.

Example
switch(config-router-bgp)# show bgp instance
BGP instance information for VRF default
...
Address family IPv4 MplsLabel:
  Additional-paths installation is disabled
  Convergence based update synchronization is disabled
  Target RIBs: Tunnel RIB
    Resolution RIBs: tunnel-rib system-tunnel-rib, system-connected
...
Address family IPv6 MplsLabel:
  Additional-paths installation is disabled
  Convergence based update synchronization is disabled
  Target RIBs: Tunnel RIB
    Resolution RIBs: tunnel-rib system-tunnel-rib, system-connected
...
Address family L2VPN EVPN:
  Additional-paths installation is disabled
  Convergence based update synchronization is disabled
    VXLAN Resolution RIBs: system-unicast-rib
    Mpls Resolution RIBs: tunnel-rib system-tunnel-rib, system-connected

Use the show rib next-hop ip bgp command to display the per-via resolution profile.

show rib-next-hop {ip,ipv6} [proto] detail

Use the show rib next-hop {ip | ipv6}[proto] detail command to display which resolution profile is used to resolve each next-hop.

Example
switch#(config-router-bgp)# show rib next-hop ip bgp detail
VRF: default, Protocol: bgp
Codes: * - Unresolved Next hop
       L - Part of a recursive route resolution loop
       A - Next hop not resolved in ARP/ND
192.0.2.1 [110 pref/20 metric] [ID: 1] type ipv4
   Resolution RIBs: tunnel-rib colored system-colored-tunnel-rib, tunnel-rib system-tunnel-rib, system-unicast-rib
   via 198.51.100.1, Ethernet3 [ID: 10]
192.0.2.2 * [ID: 86]
   Resolution RIBs: No profile set for this next-hop
192.0.2.3 * [ID: 78]
   Resolution RIBs: tunnel-rib colored system-colored-tunnel-rib, tunnel-rib system-tunnel-rib, system-connected

Note how 192.0.2.2 has no profile set, and is therefore unresolved. This show command illustrates this clearly with the No profile set for this next-hop message.

User-defined Tunnel RIBs for NextHop Resolution

Currently, EOS generates a single system-defined tunnel RIB for the next-hop resolution.

When tunnels to the same destination address are learned from multiple protocols, a fixed preference that is associated with each protocol is used to determine the winning tunnel.

However, with the User-defined tunnel RIBs feature the user is allowed to create user-defined tunnel RIBs with:

  • Control over which protocols may contribute to the tunnel RIB.
  • The ability to override the preference for all tunnels from a protocol to achieve non-default ordering of tunnels.
  • The option to use it in a context where the system-defined tunnel RIB does not suffice.

Configuring User-defined Tunnel RIBs
A new tunnel-ribs configuration mode allows the creation of user-defined tunnel RIBs. For example, the following configuration creates a tunnel RIB with tunnels learned from IS-IS SR and LDP only, with IS-IS SR tunnels being preferred over LDP:
switch(config)# tunnel-ribs
switch(config-tunnel-ribs)# tunnel-rib SR_OVER_LDP
switch(config-tunnel-rib-SR_OVER_LDP)# source-protocol isis segment-routing preference 10
switch(config-tunnel-rib-SR_OVER_LDP)# source-protocol ldp preference 20

When adding a source protocol in a user-defined tunnel RIB, the preference is optional. A lower preference value indicates a more preferred protocol. If the preference is not specified, the following system-defined preference values are used:

Source ProtocolSystem-defined Preference
Static15
Nexthop group tunnel25
RSVP LER45
LDP55
IS-IS SR65
BGP-LU85

Modifying the system-tunnel-rib

The user can explicitly modify the default preferences for the system-tunnel-rib as well as user-defined RIBs:
switch(config)# tunnel-ribs
switch(config-tunnel-ribs)# tunnel-rib system-tunnel-rib
switch(config-tunnel-rib-system-tunnel-rib)#?
  source-protocol  Configure the tunnel source
  ----------------------------------------
  comment          Up to 240 characters, comment for this mode
  default          Set a command to its defaults
  exit             Leave Configure mode
  no               Disable the command that follows
  show             Display details of switch operation
  !!               Append to comment
 
switch(config-tunnel-rib-system-tunnel-rib)# source-protocol ?
  bgp            BGP tunnel
  isis           IS-IS tunnel
  ldp            LDP tunnel
  nexthop-group  Nexthop group tunnel
  rsvp-ler       RSVP LER tunnel
  static         Static tunnel
 
switch(config-tunnel-rib-system-tunnel-rib)# source-protocol rsvp-ler preference 2
switch(config-tunnel-rib-system-tunnel-rib)# exit
switch(config-tunnel-ribs)# show active all
tunnel-ribs
   tunnel-rib system-tunnel-rib
      source-protocol static
      source-protocol isis segment-routing
      source-protocol bgp labeled-unicast
      source-protocol nexthop-group
      source-protocol rsvp-ler preference 2
      source-protocol ldp

Displaying Tunnel RIB Information
  • Use the show tunnel rib to display the user defined RIB information:
    switch# show tunnel rib SR_OVER_LDP brief 
    Tunnel RIB: SR_OVER_LDP
    Endpoint        Tunnel Type   Index(es) Tunnel Preference  IGP Preference  IGP Metric 
    --------------- ------------- --------- ------------------ --------------- ---------- 
    1.1.1.1/32      IS-IS SR IPv4 2         10                 115             20    

  • Use the show tunnel rib brief command to display the system-defined tunnel RIB information.
    switch# show tunnel rib brief 
    Tunnel RIB: system-tunnel-rib
    Endpoint        Tunnel Type   Index(es) Tunnel Preference  IGP Preference  IGP Metric 
    --------------- ------------- --------- ------------------ --------------- ---------- 
    1.1.1.1/32      LDP           1         55                 1               0 

  • Use the show active all command to display the information about which source protocols contribute to the system-defined tunnel RIB.
    switch(config)# tunnel-ribs 
    switch(config-tunnel-ribs)# tunnel-rib system-tunnel-rib 
    switch(config-tunnel-ribs)# show active all
    tunnel-ribs
       tunnel-rib system-tunnel-rib
          source-protocol static
          source-protocol isis segment-routing
          source-protocol bgp labeled-unicast
          source-protocol nexthop-group
          source-protocol rsvp-ler
          source-protocol ldp

Configuring BGP Confederations

BGP confederations allow you to break an Autonomous System (AS) into multiple sub-ASs, and then to group the sub-ASs as a confederation. The sub-ASs exchange iBGP routing information (next-hop, local-preference and MED), but communicate via eBGP.

To configure a BGP confederation, complete the following tasks on each BGP device in the confederation.

  • Configure the local AS number: the local AS number is the membership number in a sub-AS. BGP devices with the same local AS number are identified as members of the same sub-AS. BGP devices always use the local AS number when communicating with other BGP4 devices in the confederation.

  • Configure the confederation ID: the confederation ID is the AS number for those BGP devices that are outside of the confederation. A BGP device outside the confederation is not aware that BGP devices are in multiple sub-ASs. The confederation ID must differ from the sub-AS numbers.

  • Configure the list of sub-AS numbers that are confederation members: devices in a sub-AS exchange information via iBGP, while devices in different sub-ASs use eBGP.

Figure 2.BGP Confederation Example

Examples

  • The router bgp command enables BGP and configures the router in sub-autonomous system 65050. The bgp confederation identifier command specifies that confederation 65050 belongs to autonomous system 100.

    The neighbors from other autonomous systems within the confederation are treated as special eBGP peers when using the bgp confederation peers command.

    switch(config)# router bgp 65050
    switch(config-router-bgp)# bgp confederation identifier 100
    switch(config-router-bgp)# bgp confederation peers 65060
    switch(config-router-bgp)#

  • The Arista EOS will group the maximum ranges together. In this example, peers 65032 and 65036 are not included in BGP confederation 100.
    switch(config)# router bgp 65050
    switch(config-router-bgp)# bgp confederation identifier 100
    switch(config-router-bgp)# bgp confederation peers 65060
    switch(config-router-bgp)# no bgp confederation peers 65032, 65036
    switch(config-router-bgp)#

Configuring BGP FlowSpec

Enable the BGP FlowSpec address family on a per-peer basis using the following commands:

Example

switch(config)# router bgp id
switch(config-router-bgp)# address-family flow-spec [ipv4 | ipv6]
switch(config-router-bgp-af)# neighbor address activate

Use the following command to explicitly enable BGP FlowSpec on an interface:

Example

switch(config)# interface Ethernet1
switch(config-if-Et1)# flow-spec ipv4 ipv6

Currently, both IPv4 and IPv6 must be enabled together on the interface. A user-defined TCAM profile, a feature introduced in EOS Relaease 4.20.5F, must be configured for TCAM support for BGP FlowSpec.

Warning: Creating user-defined TCAM profile on the Arista switch could cause serious issues that impact traffic. Test the BGP FlowSpec policer with the profile in the example. If you need to add new features in the profile, work with Arista's TAC team to define and test the new profile before deploying it on your production switches.

The ACL counters and BGP FlowSpec counters cannot be enabled simultaneously. To enable reporting of counters for BGP FlowSpec rules, use the following configuration:

Example

switch(config)# no hardware counter feature acl in
switch(config)# hardware counter feature flow-spec in

EOS supports BGP FlowSpec counter telemetry, and BGP updates the BGP FlowSpec counters periodically for a configured specific interval. Configure a range from 30 to 300 seconds.

To add BGP FlowSpec telemetry with an interval of 60 seconds, add the following parameter to the BGP configuration:

switch(config-router-bgp-af)# flow-spec counters poll interval 60 seconds

Note: The output from the show command reflects any updates and then refreshes the BGP FlowSpec counters.

Enabling BGP Flowspec on Layer 2 (L2) Interfaces

Enable BGP Flowspec on Layer 2 interfaces using the following commands:

switch(config)# flow-spec
switch(config-flow-spec)# hardware persistent
switch(config-flow-spec)# exit
switch(config)# interface eth1.1
switch(config-if-Eth1.1)# flow-spec ipv4

Configure FlowSpec for IPv4 or IPv6 on a L2 interface. Also, configure the TCAM profile to include the packet type, packet ipv4 forwarding bridged and packet ipv6 forwarding bridged.

Displaying Flowspec Information

The BGP show commands have been enhanced to display the flow-spec content for both IPv4 and IPv6 address families:

Example

The show bgp flow-spec ipv4 summary command displays the count of flowspec rules received from each peer:

switch(config)# show bgp flow-spec ipv4 summary
BGP summary information for VRF default
Router identifier 0.0.0.1, local AS number 10
Neighbor Status Codes: m - Under maintenance
  Neighbor     V  AS    MsgRcvd   MsgSent  InQ OutQ  Up/Down State  RulesRcd RulesAcc
  10.0.0.2     4  10         12         4    0    0 00:02:18 Estab  2        2
  10.0.1.2     4  10          6         4    0    0 00:02:18 Estab  0        0

The show bgp flow-spec ipv4 displays a brief description of each flowspec rule, including the matching rule and actions. The matching rule uses a format:

dest prefix; src prefix; [component:condition] +

The component is abbreviated, for example, DP for destination port and IP for IP Protocol as shown in the following example. The detail of the show command will display the full component name.

The condition is expressed with logical operators. In the following example, IP:=6|=17 matches any packets whose IP Protocol is 6 (TCP) or 17 (UDP). DP:>1010&<1024 matches any packets whose destination port is greater than 1010 and less than 1024.

Example

switch(config)# show bgp flow-spec ipv4
BGP Flow Specification rules for VRF default
Router identifier 0.0.0.1, local AS number 10
Rule status codes: # - not installed, M - received from multiple peers

   Matching Rule                                                Actions
   10.2.3.0/24;*;                                               Drop
   10.2.4.0/24;10.2.0.0/16;IP:=6|=17;DP:>1010&<1024;            Drop

The show bgp flow-spec detail displays the full details of each flowspec rule including the peer(s) it was received from, BGP properties, and an expanded description of the matching rule:

Example

switch(config)# show bgp flow-spec ipv4 detail
BGP Flow Specification rules for VRF default
Router identifier 0.0.0.1, local AS number 10
BGP Flow Specification Matching Rule for 10.2.3.0/24;*;
 Rule identifier: 3882065752
 Matching Rule:
   Destination Prefix: 10.2.3.0/24
   Source Prefix: *
 Paths: 1 available
  Local
    from 10.0.0.2 (10.1.1.2)
      Origin IGP, metric -, localpref 100, weight 0, valid, internal, best
      Actions: Drop
BGP Flow Specification Matching Rule for 10.2.4.0/24;10.2.0.0/16;IP:=6|=17;DP:>1010&<1024;
 Rule identifier: 3882090640
 Matching Rule:
   Destination Prefix: 10.2.4.0/24
   Source Prefix: 10.2.0.0/16
   IP Protocol: =6 | =17
   Destination Port: >1010 & <1024
 Paths: 1 available
  Local
    from 10.0.0.2 (10.1.1.2)
      Origin IGP, metric -, localpref 100, weight 0, valid, internal, best
      Actions: Drop

The show flow-spec ipv4 summary command displays an overall status of how many flowspec rules were received and how many were installed:

Example

switch(config)# show flow-spec ipv4 summary
Flow specification rules summary for VRF default
  Total number of rules: 2
  Number of installed rules: 2

The show flow-spec ipv4 displays the installation status of the rule, and a counter of how many hits it has accumulated. This command also compiles the received flowspec rules into rules that can be programmed into the TCAM. For example, logical expressions on values such as the destination port are converted to ranges, as shown below:

Example

switch(config)# show flow-spec ipv4
Flow specification rules for VRF default
Applied on: Ethernet47/1
  Flow-spec rule: 10.2.3.0/24;*;
    Rule identifier: 3882065752
    Matches:
      Destination prefix: 10.2.3.0/24
    Actions:
      Police: 80 Mbps (10 MBps)                            
      Redirect: VRF customer1
                Route via LDP tunnel index 4, MPLS label 100123
                Route via LDP tunnel index 1, MPLS label 116507
    Status:
      Installed: yes
      Counter: 312 packets
  Flow-spec rule: 10.2.4.0/24;10.2.0.0/16;IP:=6|=17;DP:>1010&<1024;
    Rule identifier: 3882090640
    Matches:
      Destination prefix: 10.2.4.0/24
      Source prefix: 10.2.0.0/16
      Next protocol: 17
                     6
      Destination port: 1011-1023
    Actions:
      Police: 80 Mbps (10 MBps)                            
      Redirect: VRF customer1
                Route via LDP tunnel index 4, MPLS label 100123
                Route via LDP tunnel index 1, MPLS label 116507
    Status:
      Installed: yes
      Counter: 0 packets

Infeasible rules are detected and not programmed, and this status is reported using the show flow-spec ipv4 command. Examples of the infeasible rules are:
  • The lt/gt/eq operator is missing in the numerical opVal component.
  • Co-existence of TCP flag component with ICMP type or code component in the same rule.
  • Co-existence of port based component with ICMP type or code component in the same rule.For example, the default route in the specified VRF can be resolved over a GRE or MPLS tunnel. The following show command output verifies the resolution over the tunnel.

For redirect actions, additional information is displayed to show how it was resolved.

Example

Actions:
      Redirect: VRF customer1
                Route via LDP tunnel index 4, MPLS label 100123
                Route via LDP tunnel index 1, MPLS label 116507

The specified nexthop in the flow-spec redirect action can be resolved by the respective VRFs IP RIB over MPLS or GRE tunnel, as shown in the following example:

Example

Actions:
      Redirect: VRF default, fc00:91:91:91::91
                Route via Static Interface tunnel index 1

Configuring BGP Logical OR of Multiple Community Lists

Adding the or-results token to the match community command allows you to do a logical OR between all provided community lists:
match community or-results COMMLIST1 COMMLIST2
match extcommunity or-results EXTCOMMLIST1 EXTCOMMLIST2
match large-community or-results LARGECOMMLIST1 LARGECOMMLIST2

Full configuration example:
  • Enable the Multi-agent mode.
    switch(config)# service routing protocols model multi-agent

  • Create community lists (extended and large communities are also compatible with or-results).
    switch(config)# ip community-list COMMLIST1 permit 1:1
    switch(config)# ip community-list COMMLIST2 permit 2:2

  • Configure Route-map with or-results.
    switch(config)# route-map IN-POLICY
    switch(config-route-map-IN-POLICY)#match community or-results
                                       COMMLIST1 COMMLIST2

Displaying BGP Logical OR Information

The or-results match clauses can be seen with the standard show route-map command, as shown in the following command display outputs.
switch# show route-map IN-POLICY
route-map IN-POLICY permit 10
  Description:
  Match clauses:
    match community or-results COMMLIST1 COMMLIST2
  SubRouteMap:
  Set clauses:
    set local-preference 500
route-map IN-POLICY permit 20
  Description:
  Match clauses:
  SubRouteMap:
  Set clauses:

switch# show run | in 200.200.200.57
   neighbor 200.200.200.57 remote-as 300
   neighbor 200.200.200.57 update-source Loopback200
   neighbor 200.200.200.57 ebgp-multihop
   neighbor 200.200.200.57 route-map IN-POLICY in
   neighbor 200.200.200.57 maximum-routes 0

switch# show ip bgp community 1:1
BGP routing table information for VRF default
Router identifier 220.220.220.51, local AS number 200
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

         Network                Next Hop              Metric  LocPref Weight  Path
 * >     66.170.224.0/20        200.200.200.57        0       500     0       300 ?
 * >     66.170.232.0/21        200.200.200.57        0       500     0       300 ?
 * >     128.29.0.0/16          200.200.200.57        0       500     0       300 ?

switch# show ip bgp community 2:2
BGP routing table information for VRF default
Router identifier 220.220.220.51, local AS number 200
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

         Network                Next Hop              Metric  LocPref Weight  Path
 * >     192.12.24.0/24         200.200.200.57        0       500     0       300 ?
 * >     192.47.242.0/24        200.200.200.57        0       500     0       300 ?

Setting the BGP Missing Policy Action

To set the default policy behavior for BGP so that all routes can be denied or rejected, use the bgp missing policy command. Options control inbound and outbound directions independently. When the inbound direction is affected, currently installed routes from the peer are removed (and withdrawn from other attached peers). When the outbound direction is affected, currently exported routes to the peer are withdrawn. Setting the Missing Policy Action options back to its default/permit value re-applies the current inbound route-map policy processing to the set of routes received from the peer and export routes according to the configured outbound route-map. If soft-reconfiguration is disabled and the inbound direction is affected then the peer must re-send its routes (e.g. a manual “clear ip bgp” command is required).

Configuring the BGP Missing Policy Action

Permit is the default missing policy action when no/default are applied. Entering the ‘default’ form of the command in a non-default VRF will cause the non-default VRF to inherit the setting from the default VRF. Entering the no form of the command in a non-default VRF will cause the non-default VRF to be configured with the permit setting regardless of the default VRF setting.

The include keyword is optional, and only takes effect in the multi-agent protocol model.

The following configures the BGP missing policy action.
switch(config-router-bgp)# bgp missing-policy [include {prefix-list|sub-route-map}] 
direction [in|out] action [permit|deny|deny-in-out]
switch(config-router-bgp)# [no|default] bgp missing-policy [include {prefix-list|sub-route-map}] 
direction [in|out] action

Actions

For the actions, the permit and deny options inherit the direction of route denial from the direction, while the deny-in-out option specifically calls out denying routes in both directions.

  • direction in action permit: allow all routes in the inbound direction when the inbound route-map is misconfigured (default).
  • direction out action permit: allow all routes in the outbound direction when the outbound route-map is misconfigured (default).
  • direction in action deny: deny all routes in the inbound direction when the inbound route-map is misconfigured.
  • direction out action deny: deny all routes in the outbound direction when the outbound route-map is misconfigured.
  • direction in action deny-in-out: deny all routes in both inbound/outbound directions when the inbound route-map is misconfigured.
  • direction out action deny-in-out: deny all routes in both inbound/outbound directions when the outbound route-map is misconfigured.

The include keyword specifies that the policy constructs in the route map should also be examined. The options to the include keyword are.

  • sub-route-map: examine the sub route map references if any are defined in a route map covered by a missing policy statement. If the sub route map statement – or any in a route map chain – makes a reference to a route map which does not exist, then the missing policy action will be applied.
  • prefix-list: examine the prefix list references if any are defined in a route map covered by a missing policy statement. If the prefix-list statement – or any in the applied route map chain – makes a reference to a prefix list which does not exist, then the missing policy action will be applied.

Displaying BGP Missing Policy Action Configurations

The show ip bgp neighbors command displays the status of a peer which is currently in the missing policy/default deny state. The Missing policy/default deny lines would be omitted if the configuration option is disabled or the route-maps are configured correctly.
switch(config-router-bgp)# show ip bgp neighbors
BGP neighbor is 1.0.0.2, remote AS 200, external link
BGP version 4, remote router ID 0.0.1.1, VRF default
Negotiated BGP version 4
…Missing policy/default deny import action is active
Missing policy/default deny export action is active
Inbound route map is rm1
Outbound route map is rm2
…

Configuring BGP Inbound Update Processing Delay

Apply an optional delay before processing inbound update messages from peers, and may be useful when routes from a peer depend on routes from another. The routes from the second peer must install before the routes from the first peer process, and applying the delay to the first peer allows the second peer to install the routes first. Configure the delay per peer and apply it to all address families negotiating with the peer. The delay timer starts when the peer becomes established, and routes from the peers with the delay process only after the time expires. EOS supports this feature on default and non-default VRFs on the network. The inbound delay does not apply to switch reloads or BGP agent restarts.

Configure the delay per peer and apply it to all address families negotiating with the peer. The delay timer starts when the peer becomes established, and routes from the peers with the delay process only after the time expires. EOS supports this feature on default and non-default VRFs on the network.

The inbound delay does not apply to switch reloads or BGP agent restarts.

Example

To configure the inbound update processing delay for 30 seconds on a peer group, mybgp-peers, use the following command:
switch(config)#router bgp
switch(config-router-bgp)#neighbor peer mybgp-peers rib-in delay 30 event peer-init

Configuring BGP IPv4-mapped IPv6 Address Next Hops for IPv6 Labeled-Unicast Routes

Receive-side Configuration

To configure BGP to translate IPv4-mapped IPv6 addresses to IPv4 addresses when receiving next hops in labeled-unicast routes, use the neighbor next-hop resolution v4-mapped-v6 translation command. With this configuration, when the switch receives an IPv4-mapped IPv6 address for the next hop of an IPv6 labeled-unicast route, it will translate it to an IPv4 address, which allows the next hop to be resolved in an IPv4 network. This command takes effect only if the multi-agent routing protocol model is running. It applies only to the default VRF.

Example

These commands enter BGP IPv6 Labeled-Unicast Address Family Configuration Mode for AS 64510 (creating the BGP instance if it does not exist) and enable the translation of IPv4-mapped IPv6 addresses to IPv4 addresses for neighbors in the v6_pg peer group.
switch(config)# router bgp 64510
switch(config-router-bgp)# address-family ipv6 labeled-unicast
switch(config-router-bgp-af-label)# neighbor v6_pg next-hop resolution v4-mapped-v6 translation
switch(config-router-bgp-af-label)#

Send-side Configuration

A BGP router advertising a route can provide the IPv4-mapped IPv6 address of one of its local interfaces, such as a loopback interface, as the next hop. This source interface is specified with the neighbor next-hop-self command. The interface must be configured with an IPv4 address for this to be effective.

This configuration does not enable next-hop-self. It simply specifies the interface to be provided if the router advertises itself as the next hop. The next-hop-self action can be enabled with the neighbor next-hop-self command, or by configuring Egress Peer Engineering (EPE) using the neighbor default-originate command, or by other methods.

Example

These commands enable the switch to advertise itself as a next hop for the peer at 2001:0db8::1, and then configure the switch to use the IPv4 address of the Loopback 0 interface for the next hop for the peer at 2001:0db8::1 if the route is IPv4-mapped IPv6.
switch(config)# router bgp 64510
switch(config-router-bgp)# neighbor 2001:0db8::1 next-hop-self
switch(config-router-bgp)# neighbor 2001:0db8::1 next-hop-self v4-mapped-v6 source-interface Loopback 0
switch(config-router-bgp)#

BGP Operational Commands

Shutdown

The shutdown (BGP) command disables BGP operations without disrupting the BGP configuration. The router bgp command disables BGP and removes the BGP configuration.

The shutdown (BGP) command resumes BGP activity.

Examples
  • This command disables BGP activity on the switch.
    switch(config-router-bgp)# shutdown
    switch(config-router-bgp)#

  • This command resumes BGP activity on the switch.
    switch(config-router-bgp)# no shutdown
    switch(config-router-bgp)#

Clearing the Routing Table and Resetting BGP Sessions

When entered without parameters, the clear ip bgp command clears all BGP learned routes from the routing table, reads routes from designated peers, and sends routes required by those peers. Routes that are read or sent are processed through any modified route map or AS-path access list.

Followed by an asterisk (*), it clears the BGP sessions with all BGP peers. To reset the session with a specific peer, enter the peer’s IP address at the end of the command.

Example

This command removes all BGP learned routes from the routing table.
switch# clear ip bgp
! Peerings for all neighbors were hard reset
switch#

BGP IPv6 Link Local Peers Discovery

BGP IPv6 Link Local Peers Discovery supports a dynamic configuration model to eliminate the need for the network administrator to assign and configure IPv6 addresses for BGP peering.

Leverage the following details to automatically establish BGP adjacency:
  • IPv6 link local addresses are automatically generated by the system based on MAC addresses.
  • IPv6 router advertisements are used to communicate these addresses among potential BGP peers.

BGP IPv6 Link Local Peers Discovery uses IPv6 router advertisement to discover the peers IPv6 link local address. Devices are required to have IPv6 routing enabled, and the interface used for peering must have an IPv6 link local address. The time taken to discover the peers IPv6 link local address is proportional to the time taken by the peer to send a router advertisement message. When bringing up BGP sessions based on router advertisements received, a flurry of router advertisements on the interfaces causes the Rib agent to do more work and potentially delays the discovery of BGP neighbors over those interfaces and the establishment of BGP sessions. Since these are link local addresses, the peers must be directly connected at Layer 3.

BGP Examples

This section shows example configurations and topologies for iBGP (BGP Example 1) and eBGP (BGP Example 2).

BGP Example 1

Example 1 features an internal BGP (iBGP) link that connects peers in AS 100.

BGP Example 1 Diagram

Figure 3 displays an iBGP connection, linking neighbors within AS 100. Each switch advertises two subnets. In UPDATE packets sent by Switch A, the LOCAL_PREF field is 150. In UPDATE packets sent by Switch B, the LOCAL_PREF field is 75.

Figure 3.BGP Example 1

BGP Example 1 Code

This code configures the Example 1 BGP instance on both switches.

  1. Configure the neighbor addresses.
    1. Specify the neighbor to Switch A.
      switchA(config)# router bgp 100
      switchA(config-router-bgp)# neighbor 10.100.100.2 remote-as 100

    2. Specify the neighbor to Switch B.
      switchB(config)# router bgp 100
      switchB(config-router-bgp)# neighbor 10.100.100.1 remote-as 100

  2. Configure the routes to be advertised.
    1. Advertise Switch A’s routes.
      switchA(config-router-bgp)# network 10.10.1.0/24
      switchA(config-router-bgp)# network 10.10.2.0/24

    2. Advertise Switch B’s routes.
      switchB(config-router-bgp)# network 10.10.3.0/24
      switchB(config-router-bgp)# network 10.10.4.0/24

  3. Configure the LOCAL_PREF.
    1. Configure LOCAL_PREF on Switch A.
      switchA(config-router-bgp)# neighbor 10.100.100.2 export-localpref 150

    2. Configure LOCAL_PREF on Switch B.
      switchB(config-router-bgp)# neighbor 10.100.100.2 export-localpref 75

  4. Modify the hold time and keepalive interval.
    1. Configure timers on Switch A.
      switchA(config-router-bgp)# timer bgp 30 90

    2. Configure timers on Switch B.
      switchB(config-router-bgp)# timer bgp 30 90

BGP Example 2

Example 2 creates an external BGP (eBGP) link that connects routers in AS 100 and AS 200.

BGP Example 2 Diagram

Figure 4 displays an eBGP connection, linking Switch A in AS 100 to Switch B in AS 200. Each switch advertises two subnets.

Switch A assigns a local preference of 150 to networks advertised by Switch B. Switch B assigns a local preference of 75 to networks advertised by Switch A.

Figure 4.BGP Example 2

BGP Example 2 Code

This code configures the Example 2 BGP instance on both switches.

  1. Configure the neighbor addresses.
    1. Specify the neighbor to Switch A.
      switchA(config)# router bgp 100
      switchA(config-router-bgp)# neighbor 10.100.100.2 remote-as 200

    2. Specify the neighbor to Switch B.
      switchB(config)# router bgp 200
      switchB(config-router-bgp)# neighbor 10.100.100.1 remote-as 100

  2. Configure the routes to be advertised.
    1. Advertise Switch A’s routes.
      switchA(config-router-bgp)# network 10.10.1.0/24
      switchA(config-router-bgp)# network 10.10.2.0/24

    2. Advertise Switch B’s routes.

      switchB(config-router-bgp)#network 10.10.3.0/24
      switchB(config-router-bgp)#network 10.10.4.0/24
  3. Configure the LOCAL_PREF.
    1. Configure LOCAL_PREF on Switch A.
      switchA(config-router-bgp)# neighbor 10.100.100.2 import-localpref 150

    2. Configure LOCAL_PREF on Switch B.
      switchB(config-router-bgp)# neighbor 10.100.100.2 import-localpref 75

  4. Modify the hold time and keepalive interval.
    1. Configure timers on Switch A.
      switchA(config-router-bgp)# timer bgp 30 90

    2. Configure timers on Switch B.
      switchB(config-router-bgp)# timer bgp 30 90

BGP Commands

Global Configuration Commands

Router General Command

Router-BGP Configuration Mode (Includes Address-Family Mode)

Route Map Configuration Mode

Clear Commands Privileged EXEC Mode

Display Commands EXEC Mode

address-family

The address-family command places the switch in address-family configuration mode to configure the address family setting of addresses configured as BGP neighbors. The address-family configuration mode is not a group change mode; running-config is changed immediately after commands are executed. The exit command does not affect the configuration.

The switch supports these address families:
  • ipv4-unicast
  • ipv6-unicast

The running-config displays the address-family commands in sub-blocks of the BGP configuration. The following commands are available in address family configuration mode:

The no address-family and default address-family commands delete the specified address family from running-config by removing all commands previously configured in the corresponding address-family mode.

The exit command returns the switch to router-BGP configuration mode.

Command Mode

Router-BGP Configuration

Command Syntax

bgp [ipv4 | ipv6]

no bgp [ipv4 | ipv6]

default bgp [ipv4 | ipv6]

Parameters
  • ipv4 subsequent commands are applied to the IPv4 unicast address family.
  • ipv6 subsequent commands are applied to the IPv6 unicast address family.

Example

These commands enter address family mode for IPv6-unicast, insert a command, then exit the mode:
switch(config)# router bgp 1
switch(config-router-bgp)# address-family ipv6
switch(config-router-bgp-af)# neighbor 172.10.1.1 activate
switch(config-router-bgp-af)# exit
switch(config-router-bgp)#

address-family flow-spec

Use the address-family flow-spec command to filter or redirect DDoS traffic on edge routers. The no and default versions of the command removes the filter to redirect the DDoS traffic.

Command Mode

BGP router configuration mode (config-router-bgp)

Command Syntax

address-family flow-spec [ipv4 | ipv6]

no address-family flow-spec [ipv4 | ipv6]

default address-family flow-spec [ipv4 | ipv6]

Parameters
  • ipv4 IPv4 flow specifications.
  • ipv6 IPv6 flow specifications.

Example

The BGP Flowspec address family is enabled on a per-peer basis with:

switch(config)# router bgp id
switch(config-router-bgp)# address-family flow-spec [ipv4|ipv6]
switch(config-router-bgp-af)# neighbor address activate

aggregate-address

The aggregate-address command creates an aggregate route in the Border Gateway Protocol (BGP) database. Aggregate routes combine the characteristics of multiple routes into a single route that the switch advertises. Aggregation can reduce the amount of information that a BGP speaker is required to store and transmit when advertising routes to other BGP speakers. Aggregate routes are advertised only after they are redistributed.

The advertised address of the aggregate is entered as an IP subnet; any routes configured on the switch that lie within that subnet then become contributors to the aggregate. Note that on Arista switches the BGP aggregate route will become active if there are any available contributor routes on the switch, regardless of the originating protocol. This includes routes configured statically.

Note: Aggregate routes are redistributed automatically, and their redistribution cannot be disabled.

Command options affect the attributes associated with the aggregated route, the advertisement of the contributor routes that comprise the aggregate, and which contributor routes are included.

Command options affect the following aggregate routing attributes:

  • AS_PATH attribute inclusion: the as-set option controls the aggregate route’s AS_PATH and ATOMIC_AGGREGATE attribute contents. AS_PATH identifies the autonomous systems through which UPDATE message routing information passes. ATOMIC_AGGREGATE indicates that the route is an aggregate or summary of more specific routes.

    When the command includes as-set, the aggregate route’s AS_SET attribute contains the AS numbers of contributor routes. This can help BGP neighbors to prevent loops by rejecting aggregate routes that include their AS number in the AS_SET.

    When the command does not include as-set, the aggregate route’s ATOMIC_AGGREGATE attribute is set and the aggregate route AS_PATH will include the longest leading PATH_SEQ of the AS_PATH which is common to all contributor routes. For example, for the aggregate 1.0.0.0/16 with two contributors present, the AS_PATH for the aggregate is 100 200 as shown.

    Aggregate

    1.0.0.0/16 as-path ??

    Contributors

    1.0.1.0/24 as-path 100 200 400 500

    1.0.2.0/24 as-path 100 200 300

  • Attribute assignment: the attribute-map option assigns attributes contained in set commands in a specified route map’s lowest sequence with any set command to the aggregated route, overriding the automatic determination of the aggregate route’s attributes by the switch.

  • Route suppression: the summary-only option suppresses the advertisement of the contributor routes that comprise the aggregate.

  • Contributor filtering: the match-map option uses a route map to filter out contributor routes that would otherwise be included in the aggregate.

The no aggregate-address and default aggregate-address commands remove the corresponding aggregate-address command from running-config.

Note: The configuration requires the match-map and the summary-only parameters to enforce the configuration.

Command Mode

Router-BGP Configuration

Command Syntax

aggregate-address AGGREGATE_NET [AS_SET][SUMMARY][ATTRIBUTE_MAP][MATCH_MAP]

no aggregate-address AGGREGATE_NET

default aggregate-address AGGREGATE_NET

Parameters
  • AGGREGATE_NET aggregate route IP address. Options include:
    • netv4_addr IPv4 subnet address (CIDR or address-mask notation).
    • netv6_addr IPv6 subnet address (CIDR notation).

  • AS_SET controls AS_PATH attribute values associated with aggregate route. Options include:
    • no parameter ATOMIC_AGGREGATE attribute is set. Route contains no AS_PATH data.
    • as-set route includes AS_PATH information from contributor routes as AS_SET attributes.

  • SUMMARY controls advertisement of contributor routes. Options include:
    • no parameter contributor and aggregate routes are advertised.
    • summary-only contributor routes are not advertised.

  • ATTRIBUTE_MAP controls attribute assignments to the aggregate route. Options include:
    • no parameter attribute values are not assigned to route.
    • attribute-map map_name assigns attribute values in set commands of the map’s permit clauses. Deny clauses and match commands in permit clauses are ignored.

  • MATCH_MAP filters contributors to the aggregate route. Options include:
    • no parameter no contributors are filtered.
    • match-map map_name filters contributor routes using the named match-map.

Examples
  • These commands create an aggregate route (10.16.48.0/20) from the contributor routes 10.16.48.0/23, 10.16.50.0/23, 10.16.52.0/23, and 10.16.54.0/23. The aggregate route includes the AS_PATH information from the contributor routes.
    switch(config)# router bgp 1
    switch(config-router-bgp)# aggregate-address 10.16.48.0/20 as-set
    switch(config-router-bgp)# exit
    switch(config)#

  • These commands create an aggregate route and use a route map to add a local-preference attribute to the route.
    switch(config)# route-map map1 permit 10
    switch(config-route-map-map1)# set community 45
    switch(config-route-map-map1)# exit
    switch(config)# router bgp 1
    switch(config-router-bgp)# aggregate-address 10.16.48.0/20 attribute-map map1
    switch(config-router-bgp)# exit
    switch(config)#

  • These commands create an aggregate route and use a route map to allow only those contributors which match a specified prefix list to be included in the aggregate route.
    switch(config)# route-map matchmap permit 10
    switch(config-route-map-matchmap)# match ip address prefix-list agglist
    switch(config-route-map-matchmap)# exit
    switch(config)# router bgp 1
    switch(config-router-bgp)# aggregate-address 1.1.0.0/16 match-map matchmap
    switch(config-router-bgp)#

bgp advertise-inactive

By default, BGP will advertise only those routes that are active in the switch’s RIB. This can contribute to dropped traffic. If a preferred route is available through another protocol (like OSPF), the BGP route will become inactive and not be advertised; if the preferred route is lost, there is no available route to the affected peers. Advertising inactive BGP routes minimizes traffic loss by providing alternative routes.

The bgp advertise-inactive command configures BGP to advertise inactive routes to BGP neighbors. Inactive route advertisement is configured globally, but the global setting can be overridden on a per-VRF basis.

The no bgp advertise-inactive and default bgp advertise-inactive commands restore the default BGP behavior (advertising only active routes) by removing the corresponding bgp advertise-inactive command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp advertise-inactive

no bgp advertise-inactive

default bgp advertise-inactive

Example

These commands configure BGP to advertise inactive routes.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp advertise-inactive
switch(config-router-bgp)#

bgp always-compare-med

The bgp always-compare-med command configures the switch to always consider Multi-Exit Discriminator (MED) values (also known as “metric”) in best-path selection. By default, this function is disabled, and MED values are compared only if two paths have the same neighbor AS.

When there are two or more links between autonomous systems, MED values may be set by a router in the originating AS to give preferences to certain routes. In comparing MED values, the lower value is preferred.

The no bgp always-compare-med and default bgp always-compare-med commands restore the default behavior of comparing MED values only on paths with the same neighbor AS.

Command Mode

Router-BGP Configuration

Command Syntax

bgp always-compare-med

no bgp always-compare-med

default bgp always-compare-med

Example

These commands configure BGP to always consider MED values in best-path comparisons.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp always-compare-med
switch(config-router-bgp)#

bgp bestpath as-path ignore

The bgp bestpath as-path ignore command configures BGP to ignore the length of the Autonomous System (AS) path when comparing routes. This behavior is disabled by default. Normally, the switch compares AS paths as the third step in the best-path selection process (see Best-Path Selection), preferring the route with the shorter AS path.

The no bgp bestpath as-path ignore and default bgp bestpath as-path ignore commands restore the default behavior of considering AS path length in route comparisons.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath as-path ignore

no bgp bestpath as-path ignore

default bgp bestpath as-path ignore

Example

These commands configure BGP to ignore AS path lengths when comparing routes.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp bestpath as-path ignore
switch(config-router-bgp)#

bgp bestpath as-path multipath-relax

The bgp bestpath as-path multipath-relax command allows multiple eBGP routes to a destination to be considered equal in ECMP if their AS paths are the same length despite having different autonomous systems in those paths. The no bgp bestpath as-path multipath-relax command configures best-path selection to consider two paths unequal if their AS path contents are different, and prefers the first path received.

Multipath-relax is enabled by default. The bgp bestpath as-path multipath-relax and default bgp bestpath as-path multipath-relax commands restore the default behavior by removing the corresponding no bgp bestpath as-path multipath-relax command from running-config.

For BGP to support equal cost multipath (ECMP) routing, the maximum-paths (BGP) command must be issued in router-BGP configuration mode.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath as-path multipath-relax

no bgp bestpath as-path multipath-relax

default bgp bestpath as-path multipath-relax

Example

These commands configure BGP best-path selection to consider routes unequal if the contents of their AS paths differ.
switch(config)# router bgp 64500
switch(config-router-bgp)# no bgp bestpath as-path multipath-relax
switch(config-router-bgp)#

bgp bestpath d-path

The bgp bestpath d-path command configures BGP to use the domain path length in bestpath route selection.

The no bgp bestpath d-path and default bgp bestpath d-path commands restore the default behavior of considering the domain path length in the route selection process.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath d-path

no bgp bestpath d-path

default bgp bestpath d-path

Example

These commands configure BGP to use the domain path length in the route selection process.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp bestpath d-path
switch(config-router-bgp)#

bgp bestpath ecmp-fast

By default, within an ECMP group the BGP best-path selection process prefers the active path (the first path received by the switch) unless a relevant tie-breaker is enabled. The no bgp bestpath ecmp-fast command causes the best-path selection process to ignore order of arrival and continue evaluating paths on other criteria.

The bgp bestpath ecmp-fast and default bgp bestpath ecmp-fast commands restore the default behavior by removing the corresponding no bgp bestpath ecmp-fast command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath ecmp-fast

no bgp bestpath ecmp-fast

default bgp bestpath ecmp-fast

Example

These commands configure BGP to ignore order of arrival in best-path comparisons of paths within an ECMP group.
switch(config)# router bgp 64500
switch(config-router-bgp)# no bgp bestpath ecmp-fast
switch(config-router-bgp)#

bgp bestpath med confed

By default, paths originating within the same confederation as the switch and received from confederation peers do not have their Multi-Exit Discriminator (MED) values compared as part of the best-path selection process. The bgp bestpath med confed command causes comparison of MED values in such routes. To ensure that MED values are considered in the best-path selection process for all routes received, use the bgp always-compare-med command.

The no bgp bestpath med confed and default bgp bestpath med confed commands restore the default behavior by removing the corresponding bgp bestpath ecmp-fast command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath med confed [missing-as-worst]

no bgp bestpath med confed [missing-as-worst]

default bgp bestpath med confed [missing-as-worst]

Parameters

  • missing as worst By default, best-path selection considers a missing MED value to be 0, so paths with missing MED values is preferred. This option reverses the behavior in comparisons of routes originating within the same confederation as the switch, treating a missing MED as having the highest (least preferred) value.
Note: The bgp bestpath med missing-as-worst command controls how best-path selection treats missing MED values for all routes received, and, if configured, overrides the missing-as-worst option of this command.

Example

These commands configure the BGP best-path selection process to consider MED values in comparisons between routes originating within the same confederation as the switch.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp bestpath med confed
switch(config-router-bgp)#

bgp bestpath med missing-as-worst

By default, BGP best-path selection considers a missing MED value to be 0, so paths with missing MED values will be preferred. The bgp bestpath med missing-as-worst command reverses the behavior, treating a missing MED as having the highest (least preferred) value.

The no bgp bestpath med missing-as-worst and default bgp bestpath med missing-as-worst commands restore the default behavior (giving preference to missing MED values) by removing the corresponding bgp bestpath med missing-as-worst command from running-config.

Note: This command overrides the missing-as-worst setting of the bgp bestpath med confed command.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath med missing-as-worst

no bgp bestpath med missing-as-worst

default bgp bestpath med missing-as-worst

Related Commands

Example

These commands configure the BGP best-path selection process to consider a missing MED value to be considered highest (least preferred) in MED comparisons for all routes received.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp bestpath med missing-as-worst
switch(config-router-bgp)#

bgp bestpath tie-break cluster-list-length

The bgp bestpath tie-break cluster-list-length command causes the best-path selection process to prefer the multipath route with the shortest CLUSTER_LIST length in case of a tie in step 10. The cluster list length is assumed to be 0 if the route does not carry a CLUSTER_LIST attribute.

The no bgp bestpath tie-break cluster-list-length and default bgp bestpath tie-break cluster-list-length commands restore the default behavior by removing the associated bgp bestpath tie-break cluster-list-length command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath tie-break cluster-list-length

no bgp bestpath tie-break cluster-list-length

default bgp bestpath tie-break cluster-list-length

Example

These commands configure the BGP selection process to prefer the multipath route with the shortest CLUSTER_LIST length in case of a tie.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp bestpath tie-break cluster-list-length
switch(config-router-bgp)#

bgp bestpath tie-break router-id

The bgp bestpath tie-break router-id command causes the best-path selection process to prefer the multipath route with the lowest ROUTER_ID in case of a tie in step 10. If the route is a reflected route (i.e., if it contains route reflector attributes), the process will use the ORIGINATOR_ID as the ROUTER_ID for comparison. This behavior is disabled by default.

The no bgp bestpath tie-break router-id and default bgp bestpath tie-break router-id commands restore the default behavior by removing the associated bgp bestpath tie-break router-id command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp bestpath tie-break router-id

no bgp bestpath tie-break router-id

default bgp bestpath tie-break router-id

Example

These commands configure the best-path selection process to prefer the multipath route with the lowest ROUTER_ID in case of a tie.
switch(config)# router bgp 64500
switch(config-router-bgp)# bgp bestpath tie-break router-id
switch(config-router-bgp)#

bgp client-to-client reflection

By default, routes received from a route reflector client and selected as best routes are propagated to all BGP peers, including other route reflector clients. If the clients are fully meshed, however, routes received from a client do not need to be mirrored to other clients. In this case, client-to-client reflection should be disabled.

The no bgp client-to-client reflection command disables client-to-client reflection.

The bgp client-to-client reflection and default bgp client-to-client reflection commands restore the default behavior by removing the no bgp client-to-client reflection command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp client-to-client reflection

no bgp client-to-client reflection

default bgp client-to-client reflection

Example

These commands disable client-to-client reflection on the switch.
switch(config)# router bgp 1
switch(config-router-bgp)# no bgp client-to-client reflection
switch(config-router-bgp)#

bgp cluster-id

When using route reflectors, an AS is divided into clusters. A cluster consists of one or more route reflectors and a group of clients to which they re-advertise route information, and for redundancy a single cluster may contain multiple route reflectors. Each route reflector has a cluster ID. If the cluster has only one route reflector the cluster ID is its router ID, but if a cluster has multiple route reflectors a 4-byte cluster ID must be assigned to all route reflectors in the cluster. All must be configured with the same cluster ID to allow them to identify updates from the cluster’s other route reflectors.

The bgp cluster-id command configures the cluster ID in a cluster with multiple route reflectors.

The no bgp cluster-id and default bgp cluster-id commands remove the cluster ID by removing the corresponding bgp cluster-id command from running-config. Do not remove the cluster ID if there are multiple route reflectors in the cluster.

Command Mode

Router-BGP Configuration

Command Syntax

bgp cluster-id ID_NUM

no bgp cluster-id

default bgp cluster-id

Parameters

ID_NUM cluster ID shared by all route reflectors in the cluster (32-bit dotted-decimal notation). Options include:
  • 0.0.0.1 to 255.255.255.255 valid cluster ID number.
  • 0.0.0.0 removes the cluster-ID from the switch. Equivalent to no bgp cluster-id command.

Example

This command sets the cluster ID for the switch to 172.22.30.101.

switch(config)# router bgp 1
switch(config-router-bgp)# bgp cluster-id 172.22.30.101
switch(config-router-bgp)#

bgp confederation identifier

The bgp confederation identifier command configures the confederation identifier. Confederation can reduce the number of iBGP connections in a large AS domain. The AS domain is divided into several smaller sub-ASs, and each sub-AS remains fully connected. Devices in a sub-AS exchange information via iBGP, while devices in different sub-ASs use eBGP.

The no bgp confederation identifier and default bgp confederation identifier commands remove the bgp confederation identifier command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp confederation identifier as_number

no bgp confederation identifier

default bgp confederation identifier

Parameter

as_number the ID of BGP AS confederation. Values range from 1 to 4294967295.

Example

This command sets the BGP confederation identifier to 9.
switch(config)# router bgp 1
switch(config-router-bgp)# bgp confederation identifier 9
switch(config-router-bgp)#

bgp confederation peers

The bgp confederation peers command configures a confederation consisting of sub-ASs.

Before this command is executed, the confederation ID should be configured using the bgp confederation identifier command. Otherwise this configuration is invalid. The configured ASs in this command are inside the confederation and each AS uses a fully meshed network. The confederation appears as a single AS to the devices outside it.

The no bgp confederation peers and default bgp confederation peers commands delete the specified sub-AS from the confederation by removing the corresponding bgp confederation peers command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

bgp confederation peers as_range

no bgp confederation peers as_range

default bgp confederation peers as_range

Parameter

as_range the sub-AS number. Formats include number (from 1 to 4294967295), number range, or comma-delimited list of numbers and ranges.

Example

This command configures the confederation that contains AS 1000 and AS 1002.
switch(config)# router bgp 1
switch(config-router-bgp)# bgp confederation peers 1000 1002
switch(config-router-bgp)#

bgp convergence time

The bgp convergence time command configures the time BGP waits before declaring all BGP sessions as converged, whether or not a EOR message has been received.

The no bgp convergence time command removes the configured convergence timeout. The default bgp convergence time command sets the timeout value to the default value.

Command Mode

Router-BGP Configuration

Command Syntax

bgp convergence time timeout_range

no bgp convergence time

default bgp convergence time

Parameter

timeout_range the maximum time to wait for the BGP convergence. Values range from 1 to 3600 seconds. The default value is 300 seconds.

Example

This command configures a convergence time of 200 seconds to wait before establishing a session.

switch(config)# router bgp 1
switch(config-router-bgp)# bgp convergence time 200
switch(config-router-bgp)#

bgp convergence slow-peer time

The bgp convergence slow-peer time command configures the idle peer time to wait for the slow peers to establish a session in a BGP convergence state.

The no bgp convergence slow-peer time command disables the inheritance of the configuration from the global BGP configuration mode. The default bgp convergence slow-peer time command sets the timeout value to the default value.

Command Mode

Router-BGP Configuration

Command Syntax

bgp convergence slow-peer time timeout

no bgp convergence slow-peer time

default bgp convergence slow-peer time

Parameter

timeout the maximum time to wait for the slow peers to establish a session connection. Values range from 1 to 3600 seconds. The default value is 90 seconds.

Example

This command configures an idle peer timeout of 40 seconds to wait before establishing a session.
switch(config)# router bgp 1
switch(config-router-bgp)# bgp convergence slow-peer time 40
switch(config-router-bgp)#

bgp default

The bgp default command configures the default address family activation level of all addresses configured as BGP neighbors. The switch sends the following announcements to addresses active in an address family:
  • ipv4 address family: IPv4 capability and all network advertisements with IPv4 prefixes.
  • ipv6 address family: IPv6 capability and all network advertisements with IPv6 prefixes.

The following commands configure default address family activation levels for addresses configured as BGP neighbors:

  • bgp default ipv4-unicast: all addresses are IPv4 address family active.
  • no bgp default ipv4-unicast: all addresses are not IPv4 address family active.
  • bgp default ipv6-unicast: all addresses are IPv6 address family active
  • no bgp default ipv6-unicast: all addresses are not IPv6 address family active.
  • bgp default ipv4-unicast transport ipv6: all BGP neighbor addresses are IPv4 address family active and IPv6 neighbors can receive IPv4 NLRIs.

Note: If it is necessary to exchange IPv4 NLRIs over an IPv6 connection, the IPv4 address family must be activated on the IPv6 neighbor. To do this for all IPv6 neighbors, use the command bgp default ipv4-unicast transport ipv6. For an individual neighbor, use the neighbor activate command for the IPv6 neighbor in the IPv4 address-family configuration mode as described below.

The activation state of an individual BGP neighbor address is configured by the neighbor activate command. The neighbor activate command overrides the address’s default activation state for the address family configuration mode in which the command is issued:
  • neighbor activate: the specified address is active.
  • no neighbor activate: the specified address is not active.

The default-default address family activation state defines the address family activation level of all addresses configured as BGP neighbors when running-config does not contain any bgp default commands. The default state of the BGP default activation level varies by address family.
  • ipv4 address family: all BGP addresses are IPv4 address family active.
  • ipv6 address family: all BGP addresses are not IPv6 address family active.

The default bgp default command restores the default-default activation setting for BGP neighbor addresses in the specified address family:
  • default bgp ipv4-unicast is equivalent to bgp ipv4-unicast.
  • default bgp ipv6-unicast is equivalent to no bgp ipv6-unicast.

Command Mode

Router-BGP Configuration

Command Syntax

bgp default ADDRESS_FAMILY

no bgp default ADDRESS_FAMILY

default bgp default ADDRESS_FAMILY

Parameters

ADDRESS_FAMILY BGP address family. Options include:
  • ipv4-unicast IPv4-unicast peering sessions.
  • ipv6-unicast IPv6-unicast peering sessions.

Example

These commands configure the switch to configure all BGP neighbor addresses as IPv4 address-family active and IPv6 address-family active.
switch(config)# router bgp 1
switch(config-router-bgp)# bgp default ipv4-unicast
switch(config-router-bgp)# bgp default ipv6-unicast
switch(config-router-bgp)# show active
router bgp 65533
   bgp log-neighbor-changes
   distance bgp 20 200 200
   neighbor 172.23.254.2 remote-as 65533
   neighbor 172.41.254.78 remote-as 65534
   neighbor 2001:0DB8:52a4:fe01::2 remote-as 65533
   neighbor 2001:0DB8:52a4:fe4c::1 out-delay 10
switch(config-router-bgp)#

The show active command does not display the bgp default ipv4-unicast command because it is the default setting for IPv4 peering sessions.

bgp enforce-first-as

The bgp enforce-first-as command causes a forced comparison of the first Autonomous System (AS) in the AS path of eBGP routes received from BGP neighbors to the configured remote external peer Autonomous System Number (ASN). Updates from eBGP peers that do not include that ASN as the first item in the AS path (in the AS_PATH attribute) are discarded.

This behavior is enabled by default upon BGP configuration, and disabled globally by the no form of this command. To configure first-AS enforcement for an individual neighbor or peer group, use the neighbor enforce-first-as command.

Command Mode

Router-BGP Configuration

Command Syntax

bgp enforce-first-as

default bgp enforce-first-as

no bgp enforce-first-as

Example

This command configures BGP to enforce the first AS globally.
switch(config-router-bgp)# bgp enforce-first-as
switch(config-router-bgp)#

bgp listen range

The bgp listen range command identifies the BGP peering request from a range of IPv4 or IPv6 address, and names the dynamic peer group to which those peers belong to. To create a static peer group, use the neighbor peer group (create) command.

The request can be from a single AS number or from a range of AS numbers configured. To accept the peering request from single ASN use the remote-as option, and to accept request from multiple ASNs use the peer-filter option.

Members of a dynamic peer group are configured in groups and not as individuals. Once a new peer group is created with a group name, the group name is then used as an argument by the following neighbor commands:

The no bgp listen range and default bgp listen range commands remove the dynamic peer group by deleting the corresponding command from running-config. To remove a static peer group, use the no neighbor command. All peering relationships with group members are terminated when the dynamic peer group is deleted.

Command Mode

Router-BGP Configuration

Command Syntax

bgp listen range NET_ADDRESS [PEER-ID include router-id ] peer-group group_name [remote-as as_number | peer-filter filter_name]

no bgp listen range NET_ADDRESS peer-group group_name

default bgp listen range NET_ADDRESS peer-group group_name

Parameters
  • NET_ADDRESS IP address range. Options include:
    • IPv4_subnet IPv4 subnet (CIDR notation).
    • IPv4_address mask subnet IPv4 subnet (dotted decimal notation).
    • IPv6_prefix IPv6 subnet (dotted decimal notation).

  • PEER-ID Additional specification for identifying a peer.
    • include Include following fields as part of peer identifier.
    • router-id Include router ID as part of peer identifier.

  • group_name name of the peer group.
  • as_number the autonomous system number, ranges from 1 to 4294967295.
  • filter_name name of the peer filter.

Examples
  • These commands create a dynamic peer group called brazil in AS 5 which accepts peering requests from the 192.168.6.0/24 subnet.
    switch(config)# router bgp 1
    switch(config-router-bgp)# bgp listen range 192.168.6.0/24 peer-group brazil remote-as 5
    switch(config-router-bgp)#

  • These commands create a dynamic peer group called brazil in a range of AS numbers, which accepts peering requests from the 192.0.2.0/24 subnet. The range of AS numbers is defined by peer filter option.
    switch(config)# router bgp 1
    switch(config-router-bgp)# bgp listen range 192.0.2.0/24 peer-group brazil peer-filter group-1
    switch(config-router-bgp)#

  • These commands enable the same address peering.
    switch(config)# router bgp 1
    switch(config-router-bgp)# bgp listen range 192.0.2.0/24 peer-id include router-id peer-group brazil peer-filter group-1

bgp log-neighbor-changes

The bgp log-neighbor-changes command configures the switch to generate a log message when a BGP peer enters or exits the established state. This is the default behavior.

The no bgp log-neighbor-changes command disables the generation of these log messages. The default bgp log-neighbor-changes command enables the generation of these log messages.

Command Mode

Router-BGP Configuration

Command Syntax

bgp log-neighbor-changes

no bgp log-neighbor-changes

default bgp log-neighbor-changes

Example

These commands configure the switch to generate a message when a BGP peer enters or exits the established state.
switch(config)# router bgp 1
switch(config-router-bgp)# bgp log-neighbor-changes 
switch(config-router-bgp)#

bgp redistribute-internal (BGP)

The bgp redistribute-internal command enables the redistribution of iBGP routes into an Interior Gateway Protocol (IGP).

The no bgp redistribute-internal command disable route redistribution from the specified domain by removing the corresponding bgp redistribute-internal command from running-config. The default bgp redistribute-internal command enables the redistribution of iBGP routes into an IGP.

Command Mode

Router-BGP Configuration Router-BGP Address-Family Configuration

Command Syntax

bgp redistribute internal

no bgp redistribute internal

default bgp redistribute internal

Example
This command redistributes internal BGP routes.
switch(config)# router bgp 9
switch(config-router-bgp)# bgp redistribute-internal
switch(config-router-bgp)#

bgp route install-map

The bgp route install-map command enables BGP Selective Route Download on the switch and allows the learning and advertising of the BGP routes without installing them in hardware.

The no bgp route install-map and default bgp route install-map commands delete the BGP Selective Route Download instance.

The exit command returns the switch to global configuration mode.

Command Mode

BGP Configuration

Command Syntax

bgp route install-map map_name

Parameter

map_name The name of the route map configured.

Example

These commands configure BGP Selective Route Download for test_BGP map.
switch(config)# router bgp 100
switch(config-router-bgp)# bgp route install-map test_BGP
switch(config-router-bgp)#

bgp route-reflector preserve-attributes

The bgp route-reflector preserve-attributes command configures the switch, when operating as a BGP route reflector, to preserve the BGP attributes of re-advertised routes. By default, BGP attribute preservation is disabled. When attribute preservation is enabled, the BGP attributes (next-hop,local preference, and metric) are preserved in the reflected routes regardless of outbound BGP policies, except when those policies are part of an outbound route map. To override outbound route maps, use the always keyword.

The no bgp route-reflector preserve-attributes and default bgp route-reflector preserve-attributes commands disable BGP attribute preservation.

Command Mode

Router-BGP Configuration

Command Syntax

bgp route-reflector preserve-attributes [always]

no bgp route-reflector preserve-attributes

default bgp route-reflector preserve-attributes

Parameter

always Always preserves route attributes, overwriting route map changes.

Related Command

neighbor route-reflector-client

Example

The following commands configure the switch as a route reflector and the neighbor at 10.5.2.1 as one of its clients, then configure the switch to preserve the BGP attributes of reflected routes unless overridden by an outbound route map policy.
switch(config)# router bgp 10
switch(config-router-bgp)# neighbor 10.5.2.11 route-reflector-client
switch(config-router-bgp)# bgp route-reflector preserve-attributes
switch(config-router-bgp)#

clear bgp history

To clear all messages for a peer or group of peers, use the clear bgp history command .

Command Mode

Privileged EXEC

Command Syntax

clear bgp [PEER | PREFIX | peer-group PEER_GROUP] history [connect-failures] [vrf VRF]

Parameters
  • PEER An IPv4 or IPv6 valid address.
  • PREFIX An IPv4 or IPv6 valid prefix.
  • peer-group PEER_GROUP A peer group name.
  • connect-failures Optional and will not affect the result.
  • vrf VRF A VRF name. If it’s not supplied, command will act upon VRF default.

If no peer, prefix, or peer-group is supplied, the clear bgp history command will clear the history for all peers in the specified VRF.

Related Command

show bgp neighbors history

Example

This example clears the BGP Peer group Purple history from VRF_1.
switch# clear bgp Purple history vrf VRF_1

clear ip bgp

The clear ip bgp command removes learned BGP routes from the routing table, reads all routes from designated peers, and sends routes to those peers as required. This command can also clear the switch’s BGP sessions with its peers.

Routes that are read or sent are processed through modified route maps or AS-path access lists.

Command Mode

Privileged EXEC

Command Syntax

clear ip bgp [PEERS] [RESET_TYPE] [DATA_FLOW] [VRF_INSTANCE]

Parameters
  • PEERS specifies targeted BGP peers. Options include:
    • no parameters all IPv4 and IPv6 peers.
    • * all IPv4 and IPv6 peers.
    • ipv4_addr the IPv4 peer with the specified IPv4 address.
    • ipv6_addr the IPv6 peer with the specified IPv6 address.
    • intrf_ipv6_addr the peer using the specified IPv6 link-local address.
    • peer-group peer_grp_name the peers using the specified BGP peer group.

  • RESET_TYPE specifies the method used to reset routes. Options include:
    • no parameters performs a hard reset that terminates current BGP sessions and recreates the local routing information base.
    • soft performs a soft reset that maintains current BGP sessions and reconfigures the local routing information base using stored routes.

  • DATA_FLOW restricts soft reset to inbound or outbound routes. Hard reset is bidirectional. Options include:
    • no parameters resets inbound and outbound routes.
    • in resets inbound peer routes.
    • out resets outbound peer routes.

  • VRF_INSTANCES specifies the VRF(s) examined for BGP peers. Options include:
    • no parameters resets matching peers in the context-active VRF.
    • vrf_name resets matching peers in the specified VRF.
    • all resets matching peers in all VRFs.
    • default resets matching peers in the default VRF.

Guidelines

Use the clear ip bgp command after changing any of the following BGP attributes:
  • weights
  • distribution lists
  • timers
  • administrative distance

Examples
  • This command performs a hard reset of all IPv4 and IPv6 peers in the context-active VRF.
    switch# clear ip bgp
    ! Peerings for all neighbors were hard reset
    switch#

  • This command has the same behavior as the above clear ip bgp command.
    switch# clear ip bgp *
    ! Peerings for all neighbors were hard reset
    switch#

clear ip bgp counters

The clear ip bgp counters command resets general statistics of peers. These statistics primarily consist of message-related counts.

Command Mode

Privileged EXEC

Command Syntax

clear ip bgp [PEERS] counters [VRF_INSTANCES]

Parameters
  • PEERS specifies targeted BGP peers. Options include:
    • no parameters all IPv4 and IPv6 peers.
    • * all IPv4 and IPv6 peers.
    • ipv4_addrthe IPv4 peer with the specified IPv4 address.
    • ipv6_addrthe IPv6 peer with the specified IPv6 address.
    • intrf_ipv6_addr the peer using the specified IPv6 link-local address.
    • peer-group peer_grp_name the peers using the specified BGP peer group.

  • VRF_INSTANCES specifies the VRF(s) examined for BGP peers. Options include:
    • no parameters resets matching peers in the context-active VRF.
    • vrf_name resets matching peers in the specified VRF.
    • all resets matching peers in all VRFs.
    • default resets matching peers in the default VRF.

Example

This command resets general statistics of all IPv4 and IPv6 peers in the context-active VRF.
switch# clear ip bgp counters
! Counters for all neighbors were reset
switch#

clear ip bgp errors

The clear ip bgp errors command resets the error statistics and history of peers. Peer general statistics primarily consist of notification errors, socket errors, and update errors.

Command Mode

Privileged EXEC

Command Syntax

clear ip bgp [PEERS] errors [VRF_INSTANCES]

Parameters
  • PEERS specifies targeted BGP peers. Options include:
    • no parameters all IPv4 and IPv6 peers.
    • * all IPv4 and IPv6 peers.
    • ipv4_addr the IPv4 peer with the specified IPv4 address.
    • ipv6_addr the IPv6 peer with the specified IPv6 address.
    • intrf_ipv6_addr the peer using the specified IPv6 link-local address.
    • peer-group peer_grp_name the peers using the specified BGP peer group.

  • VRF_INSTANCES specifies the VRF(s) examined for BGP peers. Options include:
    • no parameters resets matching peers in the context-active VRF.
    • vrf_name resets matching peers in the specified VRF.
    • all resets matching peers in all VRFs.
    • default resets matching peers in the default VRF.

Example

This command resets the error statistics of all IPv4 and IPv6 peers in the context-active VRF.
switch# clear ip bgp errors
! Errors for all neighbors were reset
switch#

clear ip bgp neighbor

The clear ip bgp neighbor command clears BGP neighbors belonging to the IPv4 transport address family. To clear BGP neighbors in the IPv6 transport address family, use the clear ipv6 bgp neighbor command.

Command Mode

Privileged EXEC

Command Syntax

clear ip bgp neighbor [*] [vrf vrf_name] [reason

Parameters

* optional; all neighbors in the address family are cleared with or without this option

vrf vrf_name specifies a VRF instance for which IPv4 transport address family BGP neighbors will be cleared. If no VRF is specified, the command clears IPv4 BGP neighbors in the context-active VRF.

vrf all clears IPv4 BGP neighbors in all VRFs.

vrf default clears IPv4 BGP neighbors in the default VRF.

reason message includes the specified message string in the notification sent to neighbors. Maximum string length 250 characters.

Examples
  • This command clears all IPv4 BGP neighbors in the context-active VRF.
    switch# clear ip bgp neighbor
    ! Peerings for all ipv4 neighbors were hard reset
    switch#

  • This command clears all IPv4 BGP neighbors in VRF purple.
    switch# clear ip bgp neighbor vrf purple
    ! Peerings for all ipv4 neighbors were hard reset
    switch#

clear ipv6 bgp

The clear ipv6 bgp command removes learned BGP routes from the routing table, reads all routes from designated peers, and sends routes to those peers as required. This command can also clear the switch’s BGP sessions with its peers.

Routes that are read or sent are processed through modified route maps or AS-path access lists.

Command Mode

Privileged EXEC

Command Syntax

clear ipv6 bgp [PEERS] [RESET_TYPE] [DATA_FLOW] [VRF_INSTANCE]

Parameters
  • PEERS specifies targeted BGP peers. Options include:
    • no parameters all IPv4 and IPv6 peers.
    • * all IPv4 and IPv6 peers.
    • ipv4_addr the IPv4 peer with the specified IPv4 address.
    • ipv6_addr the IPv6 peer with the specified IPv6 address.
    • intrf_ipv6_addr the peer using the specified IPv6 link-local address.
    • peer-group peer_grp_name the peers using the specified BGP peer group.

  • RESET_TYPE specifies the method used to reset routes. Options include:
    • no parameters performs a hard reset that terminates current BGP sessions and recreates the local routing information base.
    • soft performs a soft reset that maintains current BGP sessions and reconfigures the local routing information base using stored routes.

  • DATA_FLOW restricts soft reset to inbound or outbound routes. Hard reset is bidirectional. Options include:
    • no parameters resets inbound and outbound routes.
    • in resets inbound peer routes.
    • out resets outbound peer routes.

  • VRF_INSTANCES specifies the VRF(s) examined for BGP peers. Options include:
    • no parameters resets matching peers in the context-active VRF.
    • vrf_name resets matching peers in the specified VRF.
    • all resets matching peers in all VRFs.
    • default resets matching peers in the default VRF.

Guidelines

Use the clear ipv6 bgp command after changing any of the following BGP attributes:
  • weights
  • distribution lists
  • timers
  • administrative distance

Examples
  • This command performs a hard reset of all IPv4 and IPv6 peers in the context-active VRF.
    switch# clear ipv6 bgp
    ! Peerings for all neighbors were hard reset
    switch#

  • This command has the same behavior as the above clear ip bgp command.
    switch# clear ipv6 bgp *
    ! Peerings for all neighbors were hard reset
    switch#

clear ipv6 bgp counters

The clear ipv6 bgp counters command resets general statistics of peers. These statistics primarily consist of message-related counts.

Command Mode

Privileged EXEC

Command Syntax

clear ipv6 bgp [PEERS] counters [VRF_INSTANCES]

Parameters
  • PEERS specifies targeted BGP peers. Options include:
    • no parameters all IPv4 and IPv6 peers.
    • * all IPv4 and IPv6 peers.
    • ipv4_addr the IPv4 peer with the specified IPv4 address.
    • ipv6_addr the IPv6 peer with the specified IPv6 address.
    • intrf_ipv6_addr the peer using the specified IPv6 link-local address.
    • peer-group peer_grp_name the peers using the specified BGP peer group.

  • VRF_INSTANCES specifies the VRF(s) examined for BGP peers. Options include:
    • no parameters resets matching peers in the context-active VRF.
    • vrf_name resets matching peers in the specified VRF.
    • all resets matching peers in all VRFs.
    • default resets matching peers in the default VRF.

Example

This command resets general statistics of all IPv4 and IPv6 peers in the context-active VRF.
switch# clear ipv6 bgp counters
! Counters for all neighbors were reset
switch#

clear ipv6 bgp errors

The clear ipv6 bgp errors command resets the error statistics and history of peers. Peer general statistics primarily consist of notification errors, socket errors, and update errors.

Command Mode

Privileged EXEC

Command Syntax

clear ipv6s bgp [PEERS] errors [VRF_INSTANCES]

Parameters
  • PEERS specifies targeted BGP peers. Options include:
    • no parameters all IPv4 and IPv6 peers.
    • * all IPv4 and IPv6 peers.
    • ipv4_addr the IPv4 peer with the specified IPv4 address.
    • ipv6_addr the IPv6 peer with the specified IPv6 address.
    • intrf_ipv6_addr the peer using the specified IPv6 link-local address.
    • peer-group peer_grp_name the peers using the specified BGP peer group.

  • VRF_INSTANCES specifies the VRF(s) examined for BGP peers. Options include:
    • no parameters resets matching peers in the context-active VRF.
    • vrf_name resets matching peers in the specified VRF.
    • all resets matching peers in all VRFs.
    • default resets matching peers in the default VRF.

Example

This command resets the error statistics of all IPv4 and IPv6 peers in the context-active VRF.
switch# clear ipv6 bgp errors
! Errors for all neighbors were reset
switch#

clear ipv6 bgp neighbor

The clear ipv6 bgp neighbor command clears BGP neighbors belonging to the IPv6 transport address family. To clear BGP neighbors in the IPv4 transport address family, use the clear ip bgp neighbor command.

Command Mode

Privileged EXEC

Command Syntax

clear ipv6 bgp neighbor [*] [vrf vrf_name] [reason message]

Parameters

* optional; all neighbors in the address family are cleared with or without this option

vrf vrf_name specifies a VRF instance for which IPv6 transport address family BGP neighbors will be cleared. If no VRF is specified, the command clears IPv6 BGP neighbors in the context-active VRF.

vrf all clears IPv6 BGP neighbors in all VRFs.

vrf default clears IPv6 BGP neighbors in the default VRF.

reason message includes the specified message string in the notification sent to neighbors. Maximum string length 250 characters.

Examples
  • This command clears all IPv6 BGP neighbors in the context-active VRF.
    switch# clear ipv6 bgp neighbor
    ! Peerings for all ipv6 neighbors were hard reset
    switch#

  • This command clears all IPv6 BGP neighbors in VRF purple and adds a message to the notification.
    switch# clear ipv6 bgp neighbor vrf purple reason going down for maintenance
    ! Peerings for all ipv6 neighbors were hard reset
    switch#

distance bgp

The distance bgp command assigns an administrative distance to routes that the switch learns through BGP. Routers use administrative distances to select a route when two protocols provide routing information to the same destination. Distance values range from 1 to 255; lower distance values correspond to higher reliability. BGP routing tables do not include routes with a distance of 255.

The distance command assigns distance values to external, internal, and local BGP routes:
  • external: Best-path routes learned from a neighbor external to the autonomous system. Default distance is 200.
  • internal: Internal routes are routes learned from a BGP entity within the same autonomous system. Default distance is 200.
  • local: Local routes are networks listed with a network router configuration command for that router or for networks that are redistributed from another process. Default distance is 200.

The no distance bgp and default distance bgp commands restore the default administrative distances by removing the distance bgp command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

distance bgp external_dist [INTERNAL_LOCAL]

no distance bgp

default distance bgp

Parameters
  • external_dist distance assigned to external routes. Values range from 1 to 255.
  • INTERNAL_LOCAL distance assigned to internal and local routes. Values for both routes range from 1 to 255. Options include:
    • no parameter the external_dist value is also assigned to internal and local routes.
    • internal_dist local_dist values assigned to internal and local routes.

Example

  • This command assigns an administrative distance of 150 to external routes, 200 to internal, and 150 to local routes.
    switch(config)# router bgp 1
    switch(config-router-bgp)# distance bgp 150 200 150
    switch(config-router-bgp)#

dynamic peer max

The dynamic peer max command limits the number of dynamic BGP peers allowed on the switch.

The no dynamic peer max and default dynamic peer max commands restore the default limit of dynamic BGP peers by removing the dynamic peer max command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

dynamic peer max maximum

no dynamic peer max

default dynamic peer max

Parameter

maximum the maximum number of dynamic BGP peers to be allowed on the switch. Values range from 1 to 1000; default value is 100.

Example

This command sets the maximum number of dynamic BGP peers allowed on the switch to 200.
switch(config)# router bgp 1
switch(config-router-bgp)# dynamic peer max 200
switch(config-router-bgp)#

graceful-restart stalepath-time

The graceful-restart stalepath-time command specifies the maximum time that stale routes from a restarting BGP neighbor will be retained after a BGP session is re-established with that peer.

The no graceful-restart stalepath-time and default graceful-restart stalepath-time commands restore the default value of 300 seconds by deleting the graceful-restart stalepath-time statement from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

graceful-restart stalepath-time interval

no graceful-restart stalepath-time

default graceful-restart stalepath-time

Parameter

interval Maximum period (in seconds) that stale routes from a restarting BGP neighbor will be retained after the BGP session is re-established. Values range from 1 to 3600 (60 minutes). Default is 300.

Example

These commands configure the stale path retention interval to 15 minutes.
switch(config)# router bgp 1
switch(config-router-bgp)# graceful-restart stalepath-time 900
switch(config-router-bgp)#

graceful-restart-helper

The graceful-restart helper command enables BGP graceful restart helper mode on the switch for all BGP neighbors. When graceful restart helper mode is enabled, the switch will retain routes from neighbors which are capable of graceful restart while those neighbors are restarting BGP. Graceful restart helper is enabled by default. To configure graceful restart helper mode for a specific neighbor or peer group, use the neighbor graceful-restart-helper command. Individual neighbor configuration takes precedence over the global configuration.

The no graceful-restart helper command disables graceful restart helper mode on the switch. The default graceful-restart helper command enables graceful restart helper mode by removing the corresponding no graceful-restart helper command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

graceful-restart helper long-lived

no graceful-restart helper long-lived

default graceful-restart helper long-lived

Parameter

long-lived Enables long lived graceful restart helper mode.

Example

These commands disable graceful restart helper mode on the switch.
switch(config)# router bgp 1
switch(config-router-bgp)# no graceful-restart-helper
switch(config-router-bgp)#

ip as-path access-list

The ip as-path access-list command creates an access list to filter BGP route updates. If access list list_name does not exist, this command creates it. If it already exists, this command appends statements to the list.

The no ip as-path access-list and default ip as-path access-list commands delete the named access list.

Command Mode

Global Configuration

Command Syntax

ip as-path access-list list_name FILTER_TYPE regex ORIGIN

no ip as-path access-list list_name

default ip as-path access-list list_name

Parameters
  • list_name the name of the AS path access list.
  • FILTER_TYPE access resolution of the specified AS path. Options include:
    • permit access is permitted.
    • deny access is denied.

  • regex a regular expression describing the AS path being filtered. Regular expressions are pattern-matching strings that are composed of text characters and operators.

  • ORIGIN the origin of the path information. Values include:
    • no parameter sets the origin to any.
    • any any BGP origin.
    • egp EGP origin.
    • igp IGP origin.
    • incomplete incomplete origin.

Example

These commands create an AS path access list named list1 which allows all BGP routes except those originating in AS 3.
switch(config)# ip as-path access-list list1 deny _3$
switch(config)# ip as-path access-list list1 permit .*
switch(config)#

ip as-path regex-mode

The ip as-path regex-mode command specifies how the switch will evaluate regular expressions describing AS paths in ACLs. When the regex mode is set to asn, AS numbers in the ACL are interpreted as AS numbers; only complete AS number matches in the AS path return a match. When it is set to string, AS numbers in the ACL are interpreted as strings; both complete AS number matches and longer AS numbers that include the target string return a match. The default mode is asn.

For example, asn mode returns as false and the string mode returns as true when searching for “10 in an AS path of 100 200.

The no ip as-path regex-mode and default ip as-path regex-mode commands restore the regex mode to asn by removing the ip as-path regex-mode command from running-config.

Command Mode

Global Configuration

Command Syntax

ip as-path regex-mode MODE_SETTING

no ip as-path regex-mode

default ip as-path regex-mode

Parameters

MODE_SETTING Specifies how regular expressions describing AS paths in AS path ACLs will be evaluated. Options include:
  • asn AS numbers in the ACL are interpreted as AS numbers; only complete AS number matches in the AS path return a match.
  • string AS numbers in the ACL are interpreted as strings; both complete AS number matches and longer AS numbers that include the target string return a match.

Example

This command sets the regex mode to string.
switch(config)# ip as-path regex-mode string
switch(config)#

ip community-list

The ip community-list command creates and configures a BGP access list based on BGP communities.

The no ip community-list and default ip community-list commands delete the specified community list by removing the corresponding ip community-list command from running-config.

Command Mode

Global Configuration

Command Syntax

ip community-list list_name [permit | deny] [GSHUT | aa:nn | internet | local-as | no-advertise | no-export | number]

no ip community-list list_name

default ip community-list list_name

Parameters
  • list_name name of the community list. Valid input is text.
  • permit permits access to the specified community.
  • deny denies access to the specified community.

    Note: The deny statements are ignored for all set community/extcommunity/large-community operations.

  • GSHUT well-known graceful shutdown community.
  • aa:nn AA is 65535 and NN specifies the community number (0-65535) within the AS.
  • internet advertises route to the Internet community.
  • local-as advertises route only to local peers.
  • no-advertise does not advertise route to any peer.
  • no-export advertises route only within BGP AS boundary.
  • number community number. Values ranges from 0 to 4294967040.

Guideline

EOS does not support disabling the process of graceful shutdown community.

Note: The ip community-list command with the permit internet option permits access to all routes associated with any community.

Examples
  • This command creates a BGP community list (named list_9) that does not match members of route maps configured with AS-network number 100:250.
    switch(config)# ip community-list list_9 deny 100:250
    switch(config)#

  • These commands create a BGP community list that permits the graceful shutdown community, then use that list it in a route map to permit routes with that community.
    switch(config)# ip community-list gshut_list permit GSHUT
    switch(config)# route-map map1
    switch(config-route-map-map1)# match community gshut_list
    switch(config-route-map-map1)# exit
    switch(config)# show route-map map1
    route-map map1 permit 10
      Description:
      Match clauses:
        match community gshut_list
      SubRouteMap:
      Set clauses:
    switch(config)#

  • This command permits access to all routes associated with the BGP community list (CLIST1).
    switch(config)# ip community-list CLIST1 permit internet
    switch(config)#

ip community-list regexp

The ip community-list regexp command creates and configures a BGP access list based on BGP communities. A BGP community access list filters prefixes based on their BGP communities. The command uses regular expressions to identify the communities specified by the list. To create a community list by explicitly specifying one or more communities, use the ip community-list command.

The no ip community-list regexp and default ip community-list regexp commands delete the specified community list. To delete a specific community-list entry, specify the entry in the no ip community-list regexp command.

Command Mode

Global Configuration

Command Syntax

ip community-list regexp list_name {deny | permit} reg_exp

no ip community-list regexp list_name {deny | permit} reg_exp

default ip community-list regexp list_name

Parameters
  • list_name name of the community list. Valid input is text.
  • permit access is permitted for the specified community.
  • deny access is denied for the specified community.

    Note: The deny statements are ignored for all set community/extcommunity/large-community operations.

  • reg_exp list of communities, formatted as a regular expression. Regular expressions are pattern-matching strings that are composed of text characters and operators.

    Note: When using the no form of the command, a regular expression can be used to specify a single entry to be removed from the list, leaving the rest of the list intact. If no entry is specified, the no form of the command removes the entire list.

Guideline

The ip community-list regexp command with the permit internet option permits access to only those routes that carry the community value of 0.

Examples
  • This command creates a BGP community list that permits routes from networks 20-24 and 30-34 in autonomous system 10.
    switch(config)# ip community-list regexp list_2 permit 10:[2-3][0-4]_
    switch(config)#

  • This command removes the above statement from the community list named list_2, leaving any other statements in the list intact.
    switch(config)# no ip community-list regexp list_2 permit 10:[2-3][0-4]_
    switch(config)#

  • This command deletes the community list named list_2 entirely.
    switch(config)# no ip community-list regexp list_2 
    switch(config)#

  • This command permits access to all routes associated with the BGP community list (CLIST1) that carry the community value 0.
    switch(config)# ip community-list regexp CLIST1 permit internet
    switch(config)#

ip extcommunity-list

The ip extcommunity-list command creates an extended community list to filter VRF routes or for Link BandWidth (LBW) advertisement.

The following extcommunity-list types are supported:
  • Route Target (RT) identifies sites that may receive appropriately tagged routes.
  • Site of Origin (SoO) identifies sites where the switch learned the route.
  • Link Bandwidth (LBW) advertises BGP link bandwidth.

The no ip extcommunity-list and default ip extcommunity-list commands delete the specified extended community list by removing the corresponding ip extcommunity-list statement from running-config.

Command Mode

Global Configuration

Command Syntax

ip extcommunity-list list_name {deny | permit} COMM_1 [COMM_2...COMM_n]

no ip extcommunity-list list_name

default ip extcommunity-list list_name

Parameters
  • list_name name of the extended community list.
  • deny access is denied for the specified community.
  • permit access is permitted for the specified community.
  • COMM_x extended community attribute. Options include:
    • rt aa:nn route target, as specified by autonomous system:network number.
    • rt ip_addr:nn route target, as specified by ip address:network number.
    • soo aa:nn Site of Origin, as specified by autonomous system:network number.
    • soo ip_addr:nn site of origin, as specified by ip address:network number.
    • lbw link bandwidth in bits per second.

Example

This command creates a BGP extended community list that denies routes from route target 100:250.

switch(config)# ip extcommunity-list list_9 deny rt 100:250
switch(config)#

ip extcommunity-list regexp

The ip extcommunity-list regexp command creates an extended community list to filter VRF routes or for link bandwidth (LBW) advertisement. The command uses regular expressions to define the extended communities specified by the list. To specify particular values, use the ip extcommunity-list command.

The following extcommunity-list types are supported:
  • Route Target (RT) identifies sites that may receive appropriately tagged routes.
  • Site of Origin (SoO) identifies sites where the switch learned the route.
  • Link Bandwidth (LBW) advertises BGP link bandwidth.

The no ip extcommunity-list regexp and default ip extcommunity-list regexp commands delete the specified extended community list by removing the corresponding ip extcommunity-list regexp statement from running-config.

Command Mode

Global Configuration

Command Syntax

ip extcommunity-list regexp list_name {deny | permit} reg_exp

no ip extcommunity-list regexp list_name {deny | permit} reg_exp

default ip extcommunity-list regexp list_name

Parameters
  • list_name name of the extended community list. Valid input is text.
  • deny access is denied for the specified extended community list.

    Note: The deny statements are ignored for all set community/extcommunity/large-community operations.

  • permit access is permitted for the specified extended community list.
  • reg_exp list of communities, formatted as a regular expression. Regular expressions are pattern-matching strings that are composed of text characters and operators.
    • Expressions beginning with RT: match the route target extended community attribute option.
    • Expressions beginning with SoO: match the site of origin extended community attribute option.

Example

This command creates a BGP extended community list that denies routes from route target networks 20-24 and 30-34 in autonomous system 10.
switch(config)# ip extcommunity-list regexp list_1 deny RT:10:[2-3][0-4]_
switch(config)#

ip large-community-list regexp

The ip large-community-list regexp command creates and configures a BGP access list based on BGP large communities. A BGP large-community access list filters prefixes based on their BGP large community values. The command uses regular expressions to match large communities. Multiple large-community lists with the same name may be specified. To create a large-community list by explicitly specifying one or more communities, use the ip large-community-list command.

Large-communities are represented as follows: [ASN]:local-part1:local-part2.

The no ip large-community-list regexp and default ip large-community-list regexp commands delete the specified large community list. To delete a specific community-list entry, specify the entry in the no ip large-community-list regexp command.

Command Mode

Global Configuration

Command Syntax

ip large-community-list regexp list_name {deny | permit} reg_exp

no ip large-community-list regexp list_name {deny | permit} reg_exp

default ip large-community-list regexp list_name

Parameters
  • list_name name of the community list. Valid input is text.
  • deny access is denied for the specified community.

    Note: The deny statements are ignored for all set community/extcommunity/large-community operations.

  • permit access is permitted for the specified community.
  • reg_exp list of communities, formatted as a regular expression. Regular expressions are pattern-matching strings that are composed of text characters and operators.

    Note: When using the no form of the command, a regular expression can be used to specify a single entry to be removed from the list, leaving the rest of the list intact. If no entry is specified, the no form of the command removes the entire list.

Examples
  • This command creates a BGP large community list that permits routes from autonomous system 10 with local-part1 value of 20-24 or 30-34.
    switch(config)# ip large-community-list regexp list_2 permit 10:[2-3][0-4]:_
    switch(config)#

  • This command removes the above statement from the large community list named list_2, leaving any other statements in the list intact.
    switch(config)# no ip large-community-list regexp list_2 permit 10:[2-3]:[0-4]_
    switch(config)#

  • This command deletes the large community list named list_2 entirely.
    switch(config)# no ip large-community-list regexp list_2
    switch(config)#

match as-range

The match as-range command defines the match statement for the peer-filter, based on the match statement the peer-filter accept or reject the incoming peer request. The match statement includes a sequence number, AS number range and a match condition to accept or reject a peer by comparing its remote AS number to the specified range. A peer filter can consist of a single match statement or multiple match statements. The match statement for the peer filter is configured under peer-filter configuration mode.

The no match as-range or default match as-range command deletes the peer-filter condition for the group from running-config.

Command Mode

Peer-Filter Configuration

Command Syntax

[sequence_number] match as-range [as_number1] [as_number2] result {accept | reject} group_name

no match as-range [as_number1] [as_number2] result {accept | reject} group_name

default match as-range [as_number1] [as_number2] result {accept | reject} group_name

Parameters
  • sequence_number optional sequence number for the match statement; one is automatically created if not assigned. Values range from 0 to 65535.
  • group_name name of the peer filter group.
  • as_number the autonomous system number, values range from 1 to 4294967295.

Examples
  • These commands define a peer filter that accepts any AS number.
    switch(config)# peer-filter group1
    switch(config-peer-filter-group1)# 10 match as-range 1-4294967295 result accept
    switch(config-peer-filter-group1)#

  • These commands define a peer filter that accepts any AS number within 65000 and 65100 (inclusive) except 65008 and 65009.
    switch(config)# peer-filter group2
    switch(config-peer-filter-group2)# 10 match as-range 65008-65009 result reject
    switch(config-peer-filter-group2)# 20 match as-range 65000-651000 result accept
    switch(config-peer-filter-group2)#

  • These commands define a peer filter that accepts three specific remote AS numbers.
    switch(config)# peer-filter group3
    eswitch(config-peer-filter-group3)# 10 match as-range 65003 result accept
    switch(config-peer-filter-group3)# 20 match as-range 65007 result accept
    switch(config-peer-filter-group3)# 30 match as-range 65009 result accept
    switch(config-peer-filter-group3)#

maximum-paths (BGP)

The maximum-paths command controls the maximum number of parallel BGP routes that the switch supports. The default maximum is one route. The command provides an Equal Cost Multiple Paths (ECMP) parameter that controls the number of equal-cost paths that the switch stores in the routing table for each route.

For paths to be consider equal, they must have the same weight, local preference, AS-path length, and origin. To require that they also have the same Mmulti-Exit Discriminator (MED) value, use the bgp always-compare-med command. To require that their AS paths have the same contents, use the bgp bestpath as-path multipath-relax command.

The no maximum-paths and default maximum-paths commands restore the default values of the maximum number of parallel routes and the maximum number of ECMP paths by removing the corresponding maximum paths command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

maximum-paths paths [ecmp ecmp_paths]

no maximum-paths

default maximum-paths

Parameters
  • paths maximum number of parallel routes. Default value is 1. Value must be less than or equal to the maximum number of ECMP paths.
  • ecmp_paths maximum number of ECMP paths for each route. Default is maximum value as defined belows.

    Value for each parameter ranges from 1 to the number of interfaces available per ECMP group, which is platform dependent.

    • Arad: Values range from 1 to 128. Default value is 128.
    • FM6000: Values range from 1 to 32. Default value is 32.
    • PetraA: Values range from 1 to 16. Default value is 16.
    • Trident: Values range from 1 to 32. Default value is 32.
    • Trident II: Values range from 1 to 128. Default value is 128.

Examples
  • These commands configure the maximum number of BGP parallel paths to 12 without changing the ECMP value.
    switch(config)# router bgp 1
    switch(config-router-bgp)# maximum-paths 12
    switch(config-router-bgp)#

  • These commands configure the maximum number of BGP parallel routes to 2, with a maximum of 4 ECMP paths for each route.
    switch(config)# router bgp 1
    switch(config-router-bgp)# maximum-paths 2 ecmp 4
    switch(config-router-bgp)#

neighbor

Use the neighbor command to enable large communities on a ‘per-neighbor’ or ‘per-peer group’ basis. This behavior is consistent with all other forms of communities supported by EOS.

Receiving and processing of large communities is enabled by default.

Command Mode

BGP router mode

Command Syntax

neighbor [A.B.C.D. [send-community [large]]| A:B:C:D:E:F:G:H | NAME | default| fe80::A:B:C:D% interface | interface]

Parameters
  • A.B.C.D. Neighbor IPv4 address
    • send-community Enable sending communities.
      • large Send large community attribute to this neighbor.

  • A:B:C:D:E:F:G:H Neighbor IPv6 address.
  • NAME Name of the peer-group.
  • default Apply to all neighbors.
  • fe80::A:B:C:D% interface Neighbor IPv6 link-local address.
  • interface Interface range to be used for BGP session establishment.

Example

You can enable large communities on a ‘per-neighbor’ or ‘per-peer group’ basis.

switch(config)# router bgp 1
switch(config-bgp-router)# neighbor 1.1.1.1 send-community large

neighbor activate

The neighbor activate command defines the configuration mode address family activation state of a specified address that is configured as a BGP neighbor. The switch sends the following announcements to addresses active in an address family:
  • IPv4 address family: IPv4 capability and all network advertisements with IPv4 prefixes.
  • IPv6 address family: IPv6 capability and all network advertisements with IPv6 prefixes.

The bgp default command configures the default address family activation state of addresses configured as BGP neighbors. The neighbor activate and no neighbor activate commands override the neighbor’s default activation state within the address family configuration mode.

neighbor activate: the specified address is active in the address family.

no neighbor activate: the specified address is not active in the address family.

The default neighbor activate command removes the corresponding neighbor activate or no neighbor activate command from running-config, restoring the default address family activation state for the specified neighbor address.

Command Mode

Router-BGP Address-Family Configuration

Command Syntax

neighbor neighbor_ID activate

no neighbor neighbor_ID activate

default neighbor neighbor_ID activate

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Limitations

The switch supports the advertisement of networks with IPv6 prefixes to IPv4 transport neighbors. The switch does not support the advertisement of networks with IPv4 prefixes to IPv6 transport neighbors.

Example

These commands activate the advertising of specified neighbors during IPv4 peering sessions, then display the result.
switch(config)# router bgp 1
switch(config-router-bgp)# no address-family ipv4
switch(config-router-bgp-af)# neighbor 172.41.18.15 activate
switch(config-router-bgp-af)# neighbor 172.49.22.6 activate
switch(config-router-bgp-af)# no neighbor 172.15.21.18 activate
switch(config-router-bgp-af)# show active
   address-family ipv4
      no neighbor 172.15.21.18 activate
      neighbor 172.49.22.6 activate
      neighbor 172.41.18.15 activate
switch(config-router-bgp-af)# exit
switch(config-router-bgp)#

neighbor allowas-in

By default, BGP drops received routes if their Autonomous System (AS) paths contain the AS Number (ASN) of the switch. The neighbor allowas-in command configures the switch to accept routes from the specified BGP neighbor even if their AS paths contain the ASN of the switch itself. Optionally, the command can also configure the maximum number of times that the switch’s ASN can appear in a route before it is dropped.

The no neighbor allowas-in command configures the default behavior (dropping BGP routes that contain the ASN of the switch).

The default neighbor allowas-in command applies the system default configuration for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the BGP neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID allowas-in [asn_quantity]

no neighbor neighbor_ID allowas-in

default neighbor neighbor_ID allowas-in

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • asn_quantity number of repetitions of the switch’s ASN allowed in the AS path of routes received from the specified BGP neighbor. Values range from 1 to 10. Default is 3.

Related Commands

This command is used on a customer edge router that is part of a split AS; to address the problem at the provider end, use the neighbor as-path remote-as replace out command.

Example

These commands configure the switch to accept routes from the BGP neighbor at 192.168.1.30 which contain the switch’s ASN in their AS paths as many as three times.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.1.30 allowas-in
switch(config-router-bgp)#

neighbor as-path remote-as replace out

By default, BGP drops received routes if their Autonomous System (AS) paths contain the AS Number (ASN) of the switch. In a split AS sharing route advertisements through a provider network, this can result in valid routes being dropped. The neighbor as-path remote-as replace out command configures a provider edge switch to replace the customer’s AS with its own in route advertisements sent to neighbors in that AS.

The no neighbor as-path remote-as replace out command configures the default behavior (leaving the customer’s AS in the AS path attribute of routes advertised to the specified neighbor).

The default neighbor as-path remote-as replace out command applies the system default configuration for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the BGP neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID as-path remote-as replace out

no neighbor neighbor_ID as-path remote-as replace out

default neighbor neighbor_ID as-path remote-as replace out

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Related Commands

This command is used on a provider edge router forwarding BGP routes to a customer in a split AS; to address the problem at the customer end, use the neighbor allowas-in command.

Example

These commands configure the switch to substitute its local ASN for the ASN of the BGP neighbor at 192.168.2.15 in BGP routes advertised to that neighbor.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.2.15 as-path remote-as replace out
switch(config-router-bgp)#

neighbor auto-local-addr

The neighbor auto-local-addr command configures the switch to automatically determine the local address to be used for the non-transport address family in NLRIs sent to the specified neighbor or peer group. This allows IPv4 NLRIs to be carried over IPv6 transport, or IPv6 NLRIs to be carried over IPv4 transport.

The no neighbor auto-local-addr command applies the system default configuration.

The default neighbor auto-local-addr command applies the system default configuration for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

Note: While this feature works well in eBGP deployments in which the pairing routers are directly connected and have matching IP address configurations, multi-hop eBGP or iBGP deployments may require manual local address configuration.

To explicitly configure a local address for the non-transport address family for a specific neighbor or peer group, use the neighbor local-v4-addr command for IPv6 neighbors, or the neighbor local-v6-addr for IPv4 neighbors.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID auto-local-addr

no neighbor neighbor_ID auto-local-addr

default neighbor neighbor_ID auto-local-addr

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Example

For the IPv6 neighbor at 2001:0DB8:c2a4:1761::2, these commands configure the switch to automatically determine the IPv4 NLRI value to be sent during peering sessions.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 2001:0DB8:c2a4:1761::2 auto-local-addr
switch(config-router-bgp)#

neighbor default-originate

The neighbor default-originate command advertises a default route to a BGP neighbor or peer group. This default route overrides the default route advertised by any other means to the specified neighbor or peer group. However, the update generated by neighbor default-originate is not processed by neighbor route map out policies.

If a route map is specified in this command, its set clauses are used to modify attributes of the exported default route, but its match clauses are not used to conditionally advertise the route. The default route is always advertised to the specified neighbor.

The no neighbor default-originate command applies the system default configuration.

The default neighbor default-originate command applies the system default configuration for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration Router-BGP Address-Family Configuration

Command Syntax

neighbor neighbor_ID default-originate [MAP]

no neighbor neighbor_ID default-originate

default neighbor neighbor_ID default-originate

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • MAP specifies route map that modifies attributes of the exported default route. Options include:
    • no parameter attributes are not modified by a route map.
    • route-map map_name attributes set by specified route map are assigned to the exported default route.

Example

These commands advertise a default route to the BGP neighbor at 192.168.14.5.
switch(config)# router bgp 9
switch(config-router-bgp)# neighbor 192.168.14.5 default-originate
switch(config-router-bgp)#

neighbor description

The neighbor description command associates descriptive text with the specified peer or peer group.

The no neighbor description command removes the text association from the specified peer or peer group.

The default neighbor description command removes the text association from the specified peer for individual neighbors, and applies the peer group’s description to neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address or for the specified peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID description description_string

no neighbor neighbor_ID description

default neighbor neighbor_ID description

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • description_string text string to be associated with the neighbor or peer group.

Example

These commands associate the string PEER_1 with the peer located at 192.168.1.30.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.1.30 description PEER_1
switch(config-router-bgp)#

neighbor ebgp-multihop

The neighbor ebgp-multihop command programs the switch to accept and attempt BGP connections to the external peers residing on networks not directly connected to the switch. The command does not establish the multihop if the only route to the peer is the default route (0.0.0.0).

The no neighbor ebgp-multihop command applies the system default configuration.

The default neighbor ebgp-multihop command applies the system default configuration for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID ebgp-multihop [hop_number]

no neighbor neighbor_ID ebgp-multihop

default neighbor neighbor_ID ebgp-multihop

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • hop_number time-to-live (hops). Values range from 1 to 255. Default value is 255.

Example

These commands configure the switch to accept and attempt BGP connections to the external peer located at 192.168.1.30, setting the hop limit to 32.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.1.30 ebgp-multihop 32
switch(config-router-bgp)#

neighbor enforce-first-as

The neighbor enforce-first-as command causes a forced comparison of the first Autonomous System (AS) in the AS path of eBGP routes received from a specified BGP peer or peer group to the configured remote external peer Autonomous System Number (ASN). Updates from the specified eBGP peers that do not include an ASN as first AS path (in the AS_PATH attribute) are discarded.

This behavior is enabled globally by default upon BGP configuration, and disabled for the specified neighbor or peer group by the no form of the command. To configure first AS enforcement globally, use the bgp enforce-first-as command.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID enforce-first-as

no neighbor neighbor_ID enforce-first-as

default neighbor neighbor_ID enforce-first-as

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Example

This command disables enforcement of the first BGP AS for the neighbors in peer group region-3.
switch(config-router-bgp)# no neighbor region-3 enforce-first-as
switch(config-router-bgp)#

neighbor export-localpref

The neighbor export-localpref command determines the LOCAL_PREF value that is sent in BGP UPDATE packets to the specified peer or peer group. This command has no effect on external peers.

The no neighbor export-localpref command resets the LOCAL_PREF value to the system default of 100 in packets sent to the specified peer or peer group.

The default neighbor export-localpref command resets the LOCAL_PREF value to the system default of 100 for individual neighbors, and applies the peer groups’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address or the specified peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID export-localpref preference

no neighbor neighbor_ID export-localpref

default neighbor neighbor_ID export-localpref

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • preference preference value. Values range from 0 to 4294967295.

Example

This command configures the switch to fill the LOCAL_PREF field with 200 in UPDATE packets that it sends to the peer located at 10.1.1.45.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 10.1.1.45 export-localpref 200
switch(config-router-bgp)#

neighbor graceful-restart

The neighbor graceful-restart command enables the BGP graceful restart mode for a specified BGP neighbor or peer group. When graceful restart mode is enabled, the switch retains routes from neighbors that are capable of graceful restart. By default, graceful restart is disabled for all BGP neighbors. Individual neighbor configuration takes precedence over the global configuration.

The no neighbor graceful-restart and default neighbor graceful-restart commands disable graceful restart mode for the specified BGP neighbor or peer group by removing the corresponding no neighbor graceful-restart command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID graceful-restart

no neighbor neighbor_ID graceful-restart

default neighbor neighbor_ID graceful-restart

Parameter

neighbor_ID neighbors’s IPv4 or IPv6 address or peer group name.

Example

This command enables BGP graceful restart mode for the neighbor with the IP address 192.168.12.1.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.12.1 graceful-restart
switch(config-router-bgp)#

neighbor graceful-restart-helper

The neighbor graceful-restart helper command enables BGP graceful restart helper mode for the specified BGP neighbor or peer group. When graceful restart helper mode is enabled, the switch will retain routes from neighbors which are capable of graceful restart while those neighbors are restarting BGP. The neighbor graceful-restart-helper is enabled by default for all BGP neighbors. To configure graceful restart helper mode for all BGP neighbors, use the graceful-restart-helper command. Individual neighbor configuration takes precedence over the global configuration.

The no neighbor graceful-restart helper command disables graceful restart helper mode for the specified BGP neighbor or peer group. The default neighbor graceful-restart helper command enables graceful restart helper mode for the specified BGP neighbor or peer group by removing the corresponding no neighbor graceful-restart helper command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID graceful-restart helper long-lived

no neighbor neighbor_ID graceful-restart helper long-lived

default neighbor neighbor_ID graceful-restart helper long-lived

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • long-lived Enables long lived graceful restart helper mode.

Example

These commands disable graceful restart helper mode for the neighbor at 192.168.12.1.
switch(config)# router bgp 1
switch(config-router-bgp)# no neighbor 192.168.12.1 graceful-restart-helper
switch(config-router-bgp)#

neighbor import-localpref

The neighbor import-localpref command determines the local preference assigned to routes received from the specified external peer or peer group. This command has no effect on routes received from internal peers.no neighbor import-localpref

The command resets the local preference to the default of 100 for routes received from the specified peer or peer group.

The default neighbor import-localpref command resets the local preference to the default of 100 for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID import-localpref preference

no neighbor neighbor_ID import-localpref

default neighbor neighbor_ID import-localpref

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • preference preference value. Values range from 0 to 4294967295.

Example

These commands configure the switch to assign a local preference of 50 to routes received from the peer located at 192.168.1.30.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 192.168.1.30 import-localpref 50
switch(config-router-bgp)#

neighbor local-as

The neighbor local-as command changes the local AS value sent to the specified peer in OPEN messages, allowing the switch to appear as a member of a different AS to the selected peer. Arista switches replace the local AS number with the modified value rather than prepending it to routes, so we implement the command only as neighbor local-as no-prepend replace-as.

Note: To establish a BGP connection with a static peer, the peer must also be configured to expect the specified ASN. This is done by using the neighbor remote-as command on the peer switch.

The no neighbor local-as command disables this modification for the specified peer or peer group. The default neighbor local-as command disables this modification for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID local-as as_id no-prepend replace-as

no neighbor neighbor_ID local-as

default neighbor neighbor_ID local-as

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • as_id AS number that is sent in OPEN messages to the specified peer in place of the actual AS of the switch. Values range from 1 to 4294967295.

    This parameter cannot be set to the switch’s AS number or to any AS number in the peer’s network.

Examples

These commands configure the switch to replace its local ASN in OPEN messages sent to the peer at 10.13.64.1 with ASN 64500, and configure the peer to expect that ASN in messages received from the switch.
  • Switch Configuration
    switch(config)# router bgp 64497
    switch(config-router-bgp)# neighbor 10.13.64.1 local-as 64500 no-prepend
    switch(config-router-bgp)#

  • Peer Configuration
    peer(config)# router bgp 64502
    peer(config-router-bgp)# neighbor 10.4.3.10 remote-as 64500
    peer(config-router-bgp)#

neighbor local-v4-addr

The neighbor local-v4-addr command specifies the next-hop value that the switch sends as the IPv4 NLRI value to neighbors with whom IPv6 transport peering is established.

The no neighbor local-v4-addr command applies the system default configuration.

The default neighbor local-v4-addr command applies the system default configuration for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

To configure the switch to automatically determine the IPv4 address to be sent as the next-hop in IPv4 NLRIs to an IPv6 neighbor, use the neighbor auto-local-addr command.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID local-v4-addr ipv4_local

no neighbor neighbor_ID local-v4-addr

default neighbor neighbor_ID local-v4-addr

Parameters
  • neighbor_ID neighbor’s IPv6 address or peer group name.
  • ipv4_local next hop address.

Example

For the neighbor at 2001:0DB8:c2a4:1761::2, these commands specify an IPv4 NLRI value of 10.7.5.11 to be sent during IPv6 transport peering sessions.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 2001:0DB8:c2a4:1761::2 local-v4-addr 10.7.5.11
switch(config-router-bgp)#

neighbor local-v6-addr

The neighbor local-v6-addr command specifies the next-hop value that the switch sends as the IPv6 NLRI value to neighbors with which IPv4 transport peering is established.

In IPv6 peering sessions, the switch sends the global IPv6 address of the interface that is used to transmit BGP updates.

The no neighbor local-v6-addr command applies the system default configuration.

The default neighbor local-v6-addr command applies the system default configuration for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID local-v6-addr ipv6_local

no neighbor neighbor_ID local-v6-addr

default neighbor neighbor_ID local-v6-addr

Parameters
  • neighbor_ID neighbor’s IPv4 address or peer group name.
  • ipv6_local next hop address (A:B:C:D:E:F:G:H).

Example

For the neighbor at 10.7.5.11, these commands specify an IPv6 NLRI value that is sent during IPv4 transport peering sessions.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 10.7.5.11 local-v6-addr 2001:0DB8:c2a4:1761::2
switch(config-router-bgp)# show active
router bgp 1
   bgp log-neighbor-changes
   bgp default ipv6-unicast
   neighbor 10.7.5.11 local-v6-addr 2001:0DB8:c2a4:1761::2
switch(config-router-bgp)#

neighbor maximum-routes

The neighbor maximum-routes command determines the number of BGP routes the switch accepts from a specified neighbor and defines an action after exceeding the limit. To remove the maximum route limit, select a limit of zero (0).

The switch generates an error message when the number of routes a peer receives exceeds the limit. This command can also configure the switch to disable peering with the neighbor. In this case, the neighbor state resets with the clear ip bgp command.

The no neighbor maximum-routes command applies the system default maximum-routes value of 12000 for the specified peer.

The default neighbor maximum-routes command applies the system default value for individual neighbors and the peer group settings for neighbors who are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID maximum-routes quantity [ACTION]

no neighbor neighbor_ID maximum-routes

default neighbor neighbor_ID maximum-routes

Parameters
  • neighbor neighbor_ID - the neighbor IPv4 or IPv6 address or the peer group name.
  • maximum-routes quantity - the maximum number of routes. Values include the following:
    • 0 the switch does not define a route limit.
    • 1 to 4294967294 maximum number of routes.

  • ACTION switch action when the route limit exceeded. Values include:
    • warning-limit [number_of_routes | percentage] - Percentage of maximum routes to generate a warning. Setting this parameter to 0 does not send a warning.
    • warning-only - Send a warning when the number of routes exceeds the maximum route limit, but do not restart. Also, drop prefixes sent after exceeding the route limit.

Example

This command configures the switch to accept 15000 routes for the neighbor at 10.3.16.210. If the neighbor exceeds 15000 routes, the switch disables peering with the neighbor.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 10.3.16.210 maximum-routes 15000
switch(config-router-bgp)#

neighbor next-hop-peer

The neighbor next-hop-peer command configures the switch to list the peer address as the next hop in routes that it receives from the specified peer BGP-speaking neighbor or members of the specified peer group. This command overrides the next hop for all routes received from this neighbor or peer group.

The no neighbor next-hop-peer command applies the system default (no next-hop override) for the specified peer.

The default neighbor next-hop-peer command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address or the specified peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID next-hop-peer

no neighbor neighbor_ID next-hop-peer

default neighbor neighbor_ID next-hop-peer

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Example

This command configures the peer address of 10.3.2.24 as the next hop for routes advertised to the switch from the peer BGP neighbor.
switch(config)# router bgp 9
switch(config-router-bgp)# neighbor 10.3.2.24 next-hop-peer
switch(config-router-bgp)#

neighbor next-hop-self

The neighbor next-hop-self command configures the switch to list its address as the next hop in routes that it advertises to the specified BGP-speaking neighbor or neighbors in the specified peer group. This is used in networks where BGP neighbors do not directly access all other neighbors on the same subnet.

The no neighbor next-hop-self command applies the system default (no next-hop override) for the specified peer.

The default neighbor next-hop-self command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address or for the specified peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID next-hop-self

no neighbor neighbor_ID next-hop-self

default neighbor neighbor_ID next-hop-self

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Example

This command configures the switch as the next hop for the peer at 10.4.1.30.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 10.4.1.30 next-hop-self
switch(config-router-bgp)#

neighbor next-hop resolution v4-mapped-v6 translation

The neighbor next-hop resolution v4-mapped-v6 translation command configures the switch to enable translation of IPv4-mapped IPv6 addresses to IPv4 addresses. With this setting enabled, when the switch receives an IPv4-mapped IPv6 address for a next hop, it will translate it to an IPv4 address. This allows the next hop to be resolved in an IPv4 network.

The no neighbor next-hop resolution v4-mapped-v6 translation and default neighbor next-hop resolution v4-mapped-v6 translation commands disable the translation from IPv4-mapped IPv6 addresses to IPv4 addresses.

Command Mode

BGP IPv6 Labeled-Unicast Address Family Configuration

Command Syntax

neighbor {neighbor_ID} next-hop resolution v4-mapped-v6 translation

no neighbor {neighbor_ID} next-hop resolution v4-mapped-v6 translation

default neighbor {neighbor_ID} next-hop resolution v4-mapped-v6 translation

Parameter

neighbor_ID a neighboring peer or peer group that may send IPv4-mapped IPv6 addresses to this switch.

Guidelines

  • This command is active only if the multi-agent routing protocol model is running.
  • This command requires an IPv6 labeled-unicast address family.
  • This command applies to the default VRF.

Example

These commands enter BGP IPv6 Labeled-Unicast Address Family Configuration mode for AS 64510 (creating the BGP instance if it does not exist) and enable the translation of IPv4-mapped IPv6 addresses to IPv4 addresses for neighbors in the v6_pg peer group.
switch(config)# router bgp 64510
switch(config-router-bgp)# address-family ipv6 labeled-unicast
switch(config-router-bgp-af-label)# neighbor v6_pg next-hop resolution v4-mapped-v6 translation
switch(config-router-bgp-af-label)#

neighbor out-delay

The neighbor out-delay command sets the period of time that a route update for the specified neighbor must be in the routing table before the switch exports it to BGP. The out delay interval is used for bundling routing updates.

The no neighbor out-delay command applies the system default (out-delay value of zero) for the specified peer.

The default neighbor out-delay command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the specified neighbor.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID out-delay delay_time

no neighbor neighbor_ID out-delay delay_time

default neighbor neighbor_ID out-delay delay_time

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • delay_time the out delay period (seconds). Values range from 0 to 600. Default value is 0.

Example

These commands set the out delay period to 5 seconds for the connection with the peer at 10.24.15.9.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 10.24.15.9 out-delay 5
switch(config-router-bgp)#

neighbor passive

The neighbor passive command sets the TCP connection for the specified BGP neighbor or peer group to passive mode. When the peer’s transport connection mode is set to passive, it accepts TCP connections for BGP but does not initiate them.

The no neighbor passive command sets the specified BGP neighbor or peer group to active connection mode. BGP peers in active mode can both accept and initiate TCP connections for BGP. This is the default behavior.

The default neighbor passive command restores the default connection mode. The default mode is active for individual BGP peers, or the mode inherited from the peer group for peer group members.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID passive

no neighbor neighbor_ID passive

default neighbor neighbor_ID passive

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Example

These commands configure the neighbor at IP address 10.2.2.14 to not initiate TCP connections for BGP peering.
switch(config)# router bgp 300
switch(config-router-bgp)# neighbor 10.2.2.14 passive
switch(config-router-bgp)#

neighbor password

The neighbor password command enables authentication on a TCP connection with a BGP peer. The plain-text version of the password is a string, up to 8 bytes in length. Peers must use the same password to ensure proper communication.

The running-config displays the encrypted version of the password. The encryption scheme is not strong by cryptographic standards; encrypted passwords should be treated in the same manner as plain-text passwords.

The no neighbor password command applies the system default for the specified peer, removing the neighbor password from the configuration and disabling authentication with the specified peer.

The default neighbor password command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor password and default neighbor password commands remove the neighbor password from the configuration, disabling authentication with the specified peer.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID password [ENCRYPT_LEVEL] key_text

no neighbor neighbor_ID password

default neighbor neighbor_ID password

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • ENCRYPT_LEVEL the encryption level of the key_text parameter. Values include:
    • no parameter the key_text is in clear text.
    • 0 the key_text is in clear text. Equivalent to the no parameter case.
    • 7 the key_text is MD5-encrypted.

  • key_text the password.

Example

This command specifies a password in clear text.
switch(config)# router bgp 1
switch(config-router-bgp)# neighbor 10.25.25.13 password 0 code123
switch(config-router-bgp)#

Running-config stores the password as an encrypted string.

neighbor peer group (create)

Peer groups allow the user to apply settings to a group of BGP neighbors simultaneously. Once a peer group is created, the group name can be used as a parameter in neighbor configuration commands, and the configuration will be applied to all members of the group. Settings applied to an individual neighbor in the peer group override group settings.

The neighbor peer group (create) command is used to create static BGP peer groups. Static peer groups are peer groups whose members are added manually. To assign BGP neighbors to a static peer group, use the neighbor peer group (neighbor assignment) command. To create a dynamic peer group, use the bgp listen range command.

The no neighbor peer group (create) and default neighbor peer group (create) commands remove the specified static peer group from running-config. When a static peer group is deleted, the neighbors that were members of that peer group lose any configuration that was inherited from the peer group. The no form of the bgp listen range command removes a dynamic peer group.

The no neighbor command removes all configuration commands for the specified neighbor.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor group_name peer group

no neighbor group_name peer group

default neighbor group_name peer group

Parameter

group_name peer group name.

Examples
  • These commands create a BGP peer group called bgpgroup1, assign several neighbors to the group, apply a route map, and adjust the configuration for one group member.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor bgpgroup1 peer group
    switch(config-router-bgp)# neighbor 10.1.1.1 peer group bgpgroup1
    switch(config-router-bgp)# neighbor 10.2.2.2 peer group bgpgroup1
    switch(config-router-bgp)# neighbor 10.3.3.3 peer group bgpgroup1
    switch(config-router-bgp)# neighbor bgpgroup1 route-map corporate in
    switch(config-router-bgp)# neighbor 10.3.3.3 maximum-routes 5000
    switch(config-router-bgp)# show active
    router bgp 9
    bgp log-neighbor-changes
       neighbor bgpgroup1 peer group
       neighbor bgpgroup1 route-map corporate in
       neighbor bgpgroup1 maximum-routes 12000
       neighbor 10.1.1.1 peer group bgpgroup1
       neighbor 10.2.2.2 peer group bgpgroup1
       neighbor 10.3.3.3 peer group bgpgroup1
       neighbor 10.3.3.3 maximum-routes 5000
    switch(config-router-bgp)#

  • This command removes peer group bgpgroup1 from running-config. The group members remain, but all settings that group members inherited from the peer group are removed.
    switch(config-router-bgp)# no neighbor bgpgroup1 peer group
    switch(config-router-bgp)# show active
    router bgp 9
    bgp log-neighbor-changes
       neighbor 10.1.1.1 maximum-routes 12000
       neighbor 10.2.2.2 maximum-routes 12000
       neighbor 10.3.3.3 maximum-routes 5000
    switch(config-router-bgp)#

neighbor peer group (neighbor assignment)

Peer groups allow the user to apply settings to a group of BGP neighbors simultaneously. Once a peer group is created, the group name can be used as a parameter in neighbor configuration commands, and the configuration will be applied to all members of the group. Settings applied to an individual neighbor in the peer group override group settings.

The neighbor peer group (neighbor assignment) command is used to assign BGP neighbors to an existing static peer group. To create a static peer group, use the neighbor peer group (create) command. A neighbor can only belong to one peer group, so issuing this command for a neighbor that is already a member of another group will remove it from that group.

The no neighbor peer group and default neighbor peer group commands remove the specified neighbor from all peer groups. When a neighbor is removed from a peer group, the neighbor retains the configuration inherited from the peer group.

The no neighbor command removes all configuration commands for the specified neighbor.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor NEIGHBOR_ADDR peer group group_name

no neighbor NEIGHBOR_ADDR peer group

default neighbor NEIGHBOR_ADDR peer group

Parameters
  • NEIGHBOR_ADDR address of a neighbor being added to peer group. Values include:
    • ipv4_addr neighbor’s IPv4 address.
    • ipv6_addr neighbor’s IPv6 address.

  • group_name peer group name.

Examples
  • These commands create a BGP peer group called bgpgroup1, assign several neighbors to the group, and apply a route map.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor bgpgroup1 peer group
    switch(config-router-bgp)# neighbor 10.1.1.1 peer group bgpgroup1
    switch(config-router-bgp)# neighbor 10.2.2.2 peer group bgpgroup1
    switch(config-router-bgp)# neighbor 10.3.3.3 peer group bgpgroup1
    switch(config-router-bgp)# neighbor bgpgroup1 route-map corporate in
    switch(config-router-bgp)#

  • This command removes the neighbor at 1.1.1.1 from the peer group. All settings that neighbor 10.1.1.1 inherited from the peer group are maintained.
    switch(config-router-bgp)# no neighbor 10.1.1.1 peer group
    switch(config-router-bgp)#

neighbor received attribute discard

The neighbor received attribute discard command allows the configuration of BGP Attribute Ignore Received Lists to discard update messages with a BGP attribute. The default parameter applies the configuration to all BGP neighbors. The disabled parameter explicitly disables the configuration.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor [default | ipv4 | ipv6] received attribute discard bgp_attribute_type

Command Syntax

  • default ipv4 ipv6 - Specify default to apply the configuration to all BGP neighbors. Specify an IPv4 or IPv6 address to apply the configuration to a specific BGP neighbor.
  • received - Configure the received path attribute.
  • attribute - Configure the path attributes manipulation commands.
  • discard - Discard the configured BGP Attributes.
  • disabled - Explicitly disable the configuration.
  • bgp_attribute_type - Configure a single BGP attribute or a range of BGP attributes to discard.

Examples

Use the following command to configure a BGP Attribute Ignore Received List with the BGP attributes 4-255 for all BGP neighbors on the network:

switch(config)#router bgp
switch(config-router-bgp)#neighbor default received attribute discard 4-255
! To make this command effective for existing BGP sessions, clear all routes by issuing "clear ip bgp"

Use the following command to configure a BGP Attribute Ignore Received List with the BGP attributes 4-255 for BGP neighbor, 10.0.0.2 on the network:

switch(config)#router bgp
switch(config-router-bgp)#neighbor 10.0.0.2 received attribute discard 4-255
! To make this command effective for existing BGP sessions, clear all routes by issuing "clear ip bgp"

neighbor remote-as

The neighbor remote-as command configures the expected AS Number for a neighbor (peer). This configuration is required to establish a static peer connection. Internal neighbors have the same AS Number (ASN); external neighbors have different ASNs.

Note: To establish a BGP session, there must be an IPv4 router ID configured in the same VRF or at least one L3 interface with an IPv4 address in the same VRF. If the VRF contains no L3 interfaces with IPv4 addresses (e.g., in an IPv6-only environment), configure an appropriate router ID using the router-id (BGP) command.

When a static peer is using the neighbor local-as command to replace its local ASN with a configured ASN in OPEN messages, use the neighbor remote-as command to configure the switch to expect the configured ASN for that peer.

The no neighbor remote-as command applies the system default for the specified peer or peer group.

The default neighbor remote-as command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID remote-as as_id

no neighbor neighbor_ID remote-as

default neighbor neighbor_ID remote-as

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • as_id Autonomous System (AS) of the peer. Values range from 1 to 4294967295.

Example

These commands establish an eBGP connection with the router at 10.4.3.10 in AS 64500.
switch(config)# router bgp 64497
switch(config-router-bgp)# neighbor 10.4.3.10 remote-as 64500
switch(config-router-bgp)#

neighbor remove-private-as

The neighbor remove-private-as command removes private autonomous system numbers from outbound routing updates for external BGP (eBGP) neighbors. When the Autonomous System (AS) path includes only private autonomous system numbers, the REMOVAL parameter specifies how the private autonomous system number is removed.

The no neighbor remove-private-as command applies the system default (preserves private AS numbers) for the specified peer.

The default neighbor remove-private-as command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID remove-private-as [REMOVAL]

no neighbor neighbor_ID remove-private-as

default neighbor neighbor_ID remove-private-as

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • REMOVAL specifies removal of all private AS numbers when the AS path contains only private AS numbers. Values include:
    • all removes all private AS numbers from AS path in outbound updates.
    • all replace-as all private AS numbers in AS path are replaced with router’s local AS number.

      Note: This command does not support a mix of public and private AS numbers.

Examples
  • These commands program the switch to remove all private AS numbers from outbound routing updates for the eBGP neighbor at 10.5.2.11 only if the AS path does not contain any public AS number.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.11 remove-private-as
    switch(config-router-bgp)#

  • This command replaces all private AS numbers in the AS path with the switch’s local AS number.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.11 remove-private-as all replace-as
    switch(config-router-bgp)#

neighbor rib-in delay

The neighbor rib-in delay command configures an inbound delay for installing routes from a peer on a BGP network. Routes from a second peer install before processing routes on the first peer.

The no|default commands remove the configuration from the switch.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor peer rib-in delay seconds event peer-init

Parameters

  • peer - the peer has one of the following formats:
    • A.B.C.D - Add the peer IPv4 address.
    • A:B:C:D:E:F:G:H - Add the peer IPv6 address.
    • name - Add the name of the peer-group.
    • default - apply the configuration to all neighbors.
    • fe0::A:B:C:D%_interface - Add the neighbor IPv6 link-local address.
    • interface - Specify the interface range to use for BGP session establishment.

  • rib-in - Configure the peer inbound route policy.
  • delay - Delay processing initial inbound route updates.
  • seconds - Specify the length of time, in seconds, to delay the inbound route updates.
  • event - Delay inbound route updates for specified events.
  • peer-init - Start the delay timer when the peer establishes on the network.

To disable the feature, configure the delay to zero (0) seconds:

switch(config-router-bgp)#neighbor peer rib-in delay 0 event peer-init

Example

Use the following command to delay the inbound route processing for 2 minutes on the peer-group, central-peer-group:

switch(config)#router bgp
switch(config-router-bgp)#neighbor central-peer-group rib-in delay 120 event peer-init

neighbor rib-in pre-policy retain

By default, inbound BGP routes that are filtered out by the inbound policy are still stored on the switch. Because all routes are retained, this allows policies to be changed without the need to reset the BGP sessions. All routes received by the switch (including those that were filtered out by the inbound policy) can be seen by issuing the show ip bgp neighbor received-routes command.

The no neighbor rib-in pre-policy retain command configures the switch to discard those routes received from the specified neighbor (or peer group) that are filtered out by the inbound policy.

The neighbor rib-in pre-policy retain command restores the system default behavior (retaining routes from the specified neighbor or group regardless of inbound policy).

The default neighbor rib-in pre-policy retain command applies the system default (retaining policy-rejected routes) for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID rib-in pre-policy retain [all]

no neighbor neighbor_ID rib-in pre-policy retain

default neighbor neighbor_ID rib-in pre-policy retain

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • all the command applies to all routes from the specified neighbor or peer group, including those that would otherwise be discarded as invalid (because their AS-Path contains the switch's own ASN, for example). Without this keyword, the command applies only to routes that were filtered out by the inbound policy.

Examples

  • These commands configure the switch to discard routes received from from the neighbor at 10.5.2.23 which are filtered out by the switch’s inbound policies.
    switch(config)# router bgp 9
    switch(config-router-bgp)# no neighbor 10.5.2.23 rib-in pre-policy retain
    switch(config-router-bgp)#

  • These commands configure the switch to retain all routes received from the neighbor at 10.5.2.23 (including invalid routes).
    switch(config)# router bgp 9
    switch(config-router-bgp)# no neighbor 10.5.2.23 rib-in pre-policy retain all
    switch(config-router-bgp)#

neighbor route-map (BGP)

The neighbor route-map command applies a route map to inbound or outbound BGP routes. When a route map is applied to outbound routes, the switch will advertise only routes matching at least one section of the route map. Only one outbound route map and one inbound route map can be applied to a given neighbor. A new route map applied to a neighbor will replace the previous route map.

The command is available in the router-bgp and the router-bgp-address-family configuration modes. The mode in which the command is executed determines the scope of the command:
  • In the router-bgp mode, the route map is applied to the specified neighbor in all peering sessions where it is advertised.
  • In the router-bgp-address-family mode, the route map is applied to the neighbors only in peering sessions corresponding to the configuration-mode address family.

The no neighbor route-map command discontinues the application of the specified route map for the specified neighbor and direction. Removing a route map from one direction does not remove it from the other if it has been applied to both.

The default neighbor route-map command applies the system default (no route map) for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

Command Mode

Router-BGP Configuration

Router-BGP Address-Family Configuration

Command Syntax

neighbor neighbor_ID route-map map_name DIRECTION

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • map_name name of a route map.
  • DIRECTION routes to which the route map is applied. Options include:
    • in route map is applied to inbound routes.
    • out route map is applied to outbound routes.

Example

This command applies a route map named inner-map to a BGP inbound route from 10.5.2.11.
switch(config)# router bgp 9
switch(config-router-bgp)# neighbor 10.5.2.11 route-map inner-map in
switch(config-router-bgp)#

neighbor route-reflector-client

Participating BGP routers within an AS communicate eBGP-learned routes to all of their peers, but to prevent routing loops they must not re-advertise iBGP-learned routes within the AS. To ensure that all members of the AS share the same routing information, a fully meshed network topology (in which each member router of the AS is connected to every other member) can be used, but this topology can result in high volumes of iBGP messages when it is scaled. Instead, in larger networks one or more routers can be configured as route reflectors.

A route reflector is configured to re-advertise routes learned through iBGP to a group of BGP neighbors within the AS (its clients), eliminating the need for a fully meshed topology.

The neighbor route-reflector-client command configures the switch to act as a route reflector and configures the specified neighbor as one of its clients. Additional clients are specified by re-issuing the command.

The no neighbor route-reflector-client and default neighbor route-reflector-client commands disable route reflection by deleting the neighbor route-reflector-client command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID route-reflector-client

no neighbor neighbor_ID route-reflector-client

default neighbor neighbor_ID route-reflector-client

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Example

This command configures the switch as a route reflector and the neighbor at 10.5.2.1 as one of its clients.
switch(config)# router bgp 9
switch(config-router-bgp)# neighbor 10.5.2.11 route-reflector-client
switch(config-router-bgp)#

neighbor route-to-peer

The neighbor route-to-peer command allows BGP to establish a connection to reach the specified peer using kernel routing table information. By default, route-to-peer configuration is enabled for a peer or a peer group.

The no neighbor route-to-peer command prevents BGP from using kernel routing table information to establish a BGP connection to reach a peer and the default neighbor route-to-peer command enables route-to-peer configuration for a peer or a peer group by removing the corresponding no neighbor route-to-peer command from the running-config.

If the peer is directly connected, BGP instead uses ARP table or neighbor table information to establish a BGP connection to reach the peer.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID route-to-peer

no neighbor neighbor_ID route-to-peer

default neighbor neighbor_ID route-to-peer

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or the peer group name.

Example

These commands establish a connection between the switch and the BGP peer located at IP address 172.16.1.1, and prevent BGP from using kernel routing table information to establish a route to that peer.
switch(config)# router bgp 64496
switch(config-router-bgp)# no neighbor 172.16.1.1 route-to-peer
switch(config-router-bgp)# neighbor 172.16.1.1 remote-as 100
switch(config-router-bgp)#

neighbor send-community

The neighbor send-community command configures the switch to include community path attributes for routes in the UPDATE messages advertised to the specified BGP neighbor. By default, the command enables the switch to send all community attributes: standard, extended, and large. To advertise only a subset of community attributes, use the keyword(s) for the community attribute(s) to be included. To add additional community attributes in a separate command, or to remove specific community attributes from advertised routes, use the neighbor send-community add / remove command.

Note: The neighbor send-community link-bandwidth command will override this command and vice-versa.

The no neighbor send-community command applies the system default (not sending community attributes in BGP UPDATE messages) for the specified peer.

The default neighbor send-community command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID send-community [extended] [large][standard]

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • extended includes extended community attributes.
  • large includes large community attributes.
  • standard includes standard community attributes.

Examples
  • These commands configure the switch to send all community attributes to the neighbor at address 10.5.2.23.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.23 send-community
    switch(config-router-bgp)#

  • These commands configure the switch to include only large community attributes in the routes sent to the neighbor at address 10.5.2.24.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.24 send-community large
    switch(config-router-bgp)#

  • These commands configure the switch to send only standard and large community attributes to the neighbor at address 10.5.2.25.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.25 send-community standard large
    switch(config-router-bgp)#

neighbor send-community add / remove

The neighbor send-community add / remove command modifies the types of community path attributes included for routes in the UPDATE messages advertised to the specified BGP neighbor without having to issue the neighbor send-community command.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID send-community {add | remove}{extended | large | standard}

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • add appends the specified community path attribute type to the list of community path attribute types sent to the specified neighbor.
  • remove removes the specified community path attribute type from the list of community path attribute types sent to the specified neighbor.
  • extended enables (or disables) sending of the extended community path attribute to the specified neighbor.
  • large enables (or disables) sending of the large community path attribute to the specified neighbor.
  • standard enables (or disables) sending of the standard community path attribute to the specified neighbor.
  • link-bandwidth see neighbor send-community link-bandwidth for a description of this parameter.

Guidelines
  • If the neighbor send-community command has been issued for the neighbor without specifying any community types, that neighbor will receive all community attributes in the routes advertised to it. Using the neighbor send-community add command then to add an attribute will cause the switch to send only the specified community types in advertised routes. This results in the other community path attributes no longer being advertised to that BGP peer.
  • If all community types are removed using the neighbor send-community remove command, the switch will then send routes with all community types. (This behavior is maintained for backward compatibility.) To remove all community path attributes from routes sent to the specified neighbor, use the neighbor send-community command.
  • After using this command, issue the show active command in router-bgp configuration mode to ensure that the intended attributes are being sent to the specified neighbor.

Examples
  • These commands configure the switch to send large community attributes in the routes sent to the neighbor at address 10.5.2.24, then add extended community attributes as well.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.24 send-community large
    switch(config-router-bgp)# neighbor 10.5.2.24 send-community add extended
    switch(config-router-bgp)# show active
    switch(config-router-bgp)# neighbor 10.5.2.24 send-community add extended
    switch(config-router-bgp)# show active
    router bgp 9
       neighbor 10.5.2.24 send-community extended large
       neighbor 10.5.2.24 maximum-routes 12000
    switch(config-router-bgp)#

  • These commands configure the switch to include extended and large community attributes in the routes sent to the neighbor at address 10.5.2.27, then remove the large attribute from the list of community types to be included.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.27 send-community extended large
    switch(config-router-bgp)# neighbor 10.5.2.27 send-community remove large
    switch(config-router-bgp)# show active
    router bgp 600
       neighbor 10.5.2.27 send-community extended
       neighbor 10.5.2.27 maximum-routes 12000
    switch(config-router-bgp)#

  • These commands attempt to configure the switch to remove large community attributes from routes sent to the neighbor at address 10.5.2.28, but send all others. However, because the original command did not specify a list of attributes, the remove command has no effect, and all community path attributes are still included.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.28 send-community
    switch(config-router-bgp)# neighbor 10.5.2.28 send-community remove large
    switch(config-router-bgp)# show active
    router bgp 600
       neighbor 10.5.2.28 send-community
       neighbor 10.5.2.28 maximum-routes 12000
    switch(config-router-bgp)#

  • These commands configure the switch to send only large community attributes in routes sent to the neighbor at address 10.5.2.29, then attempt to remove the large attribute from sent routes. However, because this removes the last specified attribute, all community path attributes (including large) will now be included.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.29 send-community large
    switch(config-router-bgp)# neighbor 10.5.2.28 send-community remove large
    switch(config-router-bgp)# show active
    router bgp 600
       neighbor 10.5.2.29 send-community
       neighbor 10.5.2.29 maximum-routes 12000
    switch(config-router-bgp)#

neighbor send-community link-bandwidth

The neighbor send-community link-bandwidth command is used to locally regenerate the link-bandwidth value to be advertised to a specific BGP neighbor or peer group. When this command is configured the regenerated link-bandwidth value is included in the extended community path attribute in UPDATE messages.

This command is used specifically for local regeneration of the link-bandwidth value. To send an explictly-configured link-bandwidth value, add an extended community to a route map instead. (see set extcommunity (route-map)) and include extended community attributes in UPDATE messages sent to that neighbor.

Note: The neighbor send-community command will override this command and vice-versa.

The no neighbor send-community command applies the system default (not sending community attributes in BGP UPDATE messages) for the specified peer.

The default neighbor send-community command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID send-community link-bandwidth {aggregate [reference_speed] | divide {equal | ratio}}

no neighbor neighbor_ID send-community

default neighbor neighbor_ID send-community

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • aggregate sends the sum of all link-bandwidth values for all paths toward a prefix to the specified neighbor or to each member of the specified peer group.
    • reference_speed optional value to specify a reference link speed in bits/second. Values range from 0.0 to 4294967295.0; larger values can also be expressed using the multiplier K (*10^3), M (*10^6), or G (*10^9). The link speed of the connection to the peer is divided by this value, and the resulting ratio is used to scale down the link-bandwidth advertised to the peer. If the result is >1, the multiplier is ignored and the full aggregate value is advertised.

  • divide divides the cumulative link-bandwidth value described above among the peers in an Adj-RIB-Out either equally or proportionally.
    • equal divides the cumulative total link-bandwidth value equally among all peers in the same Adj-RIB-Out.
    • ratio divides the cumulative total link-bandwidth value among peers proportionally according to the speed of the connection to each peer in the Adj-RIB-Out.

Examples
  • These commands configure the switch to locally regenerate the link-bandwidth value, dividing the bandwidth proportionally and including it in UPDATE messages to all peers in the peer group idaho.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor idaho send-community link-bandwidth divide ratio
    switch(config-router-bgp)#

  • These commands configure the switch to locally regenerate the link-bandwidth value, scale it down with a reference link speed of 20 gigabits/second, and include it in UPDATE messages to the neighbor at address 10.5.2.24.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.24 send-community link-bandwidth aggregate 20G
    switch(config-router-bgp)#

neighbor shutdown

The neighbor shutdown command disables the specified neighbor. Disabling a neighbor also terminates all of its active sessions and removes associated routing information.

The no neighbor shutdown command enables the specified peer.

The default neighbor shutdown command enables individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID shutdown reason REASON

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.

Examples
  • This command disables the neighbor at 10.5.2.23.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.23 shutdown
    switch(config-router-bgp)#

  • This command disables the neighbor at 10.5.2.23 with a reason - planned upgrade. The reason parameter is optional.
    switch(config)# router bgp 9
    switch(config-router-bgp)# neighbor 10.5.2.23 shutdown reason Planned upgrade
    switch(config-router-bgp)#

neighbor timers

The neighbor timers command configures the BGP keepalive and hold times for a specified peer connection. The timers bgp command configures the times on all peer connections for which an individual command is not specified.
  • Keepalive time is the period between the transmission of consecutive keepalive messages.
  • Hold time is the period the switch waits for a KEEPALIVE or UPDATE message before it disables peering.

The hold time must be at least 3 seconds and should be three times longer than the keepalive setting.

The no neighbor timers command applies the system default for the specified peer or group (the timers specified by the timers bgp command).

The default neighbor timers command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID timers keep_alive hold_time

no neighbor neighbor_ID timers

default neighbor neighbor_ID timers

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • keep_alive keepalive period, in seconds. Values include:
    • 0 keepalive messages are not sent.
    • 1 to 3600 keepalive time (seconds).

  • hold_time hold time. Values include:
    • 0 peering is not disabled by timeout expiry; keepalive packets are not sent.
    • 3 to 7200 hold time (seconds).

Example

This command sets the keepalive time to 30 seconds and the hold time to 90 seconds for the connection with the peer at 10.24.15.9.
switch(config)# router bgp 9
switch(config-router-bgp)# neighbor 10.24.15.9 timers 30 90
switch(config-router-bgp)#

neighbor ttl maximum-hops

The neighbor ttl maximum-hops command configures the Generalized TTL Security Mechanism (GTSM) for the specified neighbor(s).

The no neighbor ttl maximum-hops command disables the GTSM configuration in the specified neighbor.

The default neighbor ttl maximum-hops command applies the system default configuration for individual neighbors; and applies the peer group’s setting for neighbors that are members of a peer group.

Command-Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID ttl maximum-hops hop_number

no sneighbor neighbor_ID ttl maximum-hops

default neighbor neighbor_ID ttl maximum-hops

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • hop_number maximum count of hops from a BGP peer. Values range from 0 to 254.

Example

This command configures the TTL security for 10.20.20.30 with a maximum of 4 hops.
switch(config)# router bgp 9
switch(config-router-bgp)# neighbor 10.20.20.30 ttl maximum-hops 4
switch(config-router-bgp)#

neighbor update-source

The neighbor update-source command specifies the interface that BGP sessions use for TCP connections. By default, BGP sessions use the neighbor’s closest interface (also known as the best local address).

The no neighbor update-source command applies the system default (using best local address for TCP connections) for the specified peer or group.

The default neighbor update-source command applies the system default for individual neighbors and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID update-source INTERFACE

no neighbor neighbor_ID update-source

default neighbor neighbor_ID update-source

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • INTERFACE interface type and number. Options include:
    • ethernet e_num Ethernet interface specified by e_num.
    • loopback l_num loopback interface specified by l_num.
    • management m_num management interface specified by m_num.
    • port-channel p_num port-channel interface specified by p_num.
    • vlan VLAN interface specified by v_num.

Example

This command configures the switch to use ethernet 10 for TCP connections for the neighbor at 10.2.2.14.
switch(config)# router bgp 9
switch(config-router-bgp)# neighbor 10.2.2.14 update-source ethernet 10
switch(config-router-bgp)#

neighbor weight

The neighbor weight command assigns a weight attribute value to paths from the specified neighbor. Weight is the first parameter that the BGP best-path selection algorithm considers. When multiple paths to a destination prefix exist, the best-path selection algorithm prefers the path with the highest weight. Other attributes are used only when all paths to the prefix have the same weight.

Weight values range from 0 to 65535 and are not propagated to other switches through route updates. The default weight for paths that the router originates is 32768; the default weight for routes received through BGP is 0.

A path’s BGP weight is also configurable through route maps. Weight values set through route-map commands have precedence over neighbor weight command values.

The no neighbor weight command applies the system default (32768 for router-originated paths, 0 for routes received through BGP) for the specified peer or group.

The default neighbor weight command applies the system default for individual neighbors, and applies the peer group’s setting for neighbors that are members of a peer group.

The no neighbor command removes all configuration commands for the neighbor at the specified address.

Command Mode

Router-BGP Configuration

Command Syntax

neighbor neighbor_ID weight weight_value

no neighbor neighbor_ID weight

default neighbor neighbor_ID weight

Parameters
  • neighbor_ID neighbor’s IPv4 or IPv6 address or peer group name.
  • weight_value weight value. Values range from 1 to 65535.

Example

This command specifies a weight of 4000 for all paths from the neighbor at 10.1.2.5.
switch(config)# router bgp 9
eswitch(config-router-bgp)#neighbor 10.1.2.5 weight 4000
switch(config-router-bgp)#

network (BGP)

The network command specifies a network for advertisement through UPDATE packets to BGP peers. The configuration zeros the host portion of the specified network address; for example, 192.0.2.4/24 is stored as 192.0.2.0/24. A route map option is available for assigning attributes to the network.

The command is available in Router-BGP and Router-BGP-Address-Family configuration modes. The mode in which the command is issued does not affect the command. The scope of the command depends on the specified network address:
  • commands with an IPv4 address are advertised to peers activated in the IPv4 address family.
  • commands with an IPv6 address are advertised to peers activated in the IPv6 address family.

The no network and default network commands remove the network from the routing table, preventing its advertisement.

Command Mode

Router-BGP Configuration

Router-BGP Address-Family Configuration

Command Syntax

network NET_ADDRESS [ROUTE_MAP]

no network NET_ADDRESS

default network NET_ADDRESS

Parameters
  • NET_ADDRESS IP address range. Entry options include:
    • ipv4_subnet IPv4 subnet (CIDR notation).
    • ipv4_addr mask subnet IPv4 subnet (address-mask notation).
    • ipv6_prefix neighbor’s IPv6 prefix (CIDR notation).

  • ROUTE_MAP specifies route map that assigns attribute values to the network. Options include:
    • no parameter attributes are not assigned through a route map.
    • route-map map_name attributes listed by specified route map are assigned to the network.

Example

This command enables BGP advertising for the network located at 10.1.2.5. The configuration stores the network as 10.1.2.5.
switch(config)# router bgp 9
switch(config-router-bgp)# network 10.1.2.5/24
switch(config-router-bgp)#

no neighbor

The no neighbor command removes all neighbor configuration commands for the specified neighbor.

Neighbor settings can also be removed individually; refer to the command description page of the desired command for details. Neighbor settings for a peer group must be removed individually.

Command Mode

Router-BGP Configuration

Command Syntax

no neighbor neighbor_ID

default neighbor neighbor_ID

Parameter

neighbor_ID neighbor’s IPv4 or IPv6 address. This command does not accept a peer group name as an argument; peer group settings must be removed individually.

Example

This command removes all neighbor configuration commands for the neighbor at 10.1.1.1.
switch(config)# router bgp 9
switch(config-router-bgp)# no neighbor 10.1.1.1
switch(config-router-bgp)#

peer-filter

The peer-filter command creates a peer filter group and places the switch in peer-filter configuration mode for that group. The peer-filter group parameters are defined using the match as-range command.

The no peer-filter and default peer-filter commands remove the peer-filter group from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

peer-filter filter_name

no peer-filter filter_name

default peer-filter filter_name

Parameters

filter_name name of the peer filter.

Example

This command creates a peer filter called group1 and places the switch in peer-filter configuration mode for that filter.
switch(config-router-bgp)# peer-filter group1
switch(config-peer-filter-group1)#

rd (Router-BGP VRF and VNI Configuration Modes)

The rd command adds a Route Distinguisher (RD) to VRF and VNI configuration modes. RDs internally identify routes belonging to a VRF or VNI to distinguish overlapping or duplicate IP address ranges. This allows the creation of distinct routes to the same IP address for different VPNs. The RD is a 64-bit number made up of an AS number or IPv4 address followed by a user-selected ID number.

If the switch is not running EVPN, an RD is not required for a VRF or VNI to function. Use no or default command forms to remove an RD from a VRF or VNI.

Note: Legacy RDs that were assigned in VRF Configuration Mode appear in show vrf outputs if an RD has not been configured using this command, but they no longer have an effect on the system. RDs assigned in the VNI Configuration Mode are displayed in the output of show bgp evpn command.

Command Modes

Router-BGP VRF Configuration

Router-BGP VNI Configuration

Command Syntax

rd admin_ID:local_assignment

no rd

default rd

Parameters
  • admin_ID an AS number or globally assigned IPv4 address identifying the entity assigning the RD. This should be an IANA-assigned identifying number.
  • local_assignment a locally assigned number distinguishing the VRF. Values range from 0-65535 if the admin_ID is an IPv4 address, or from 0-4294967295 if the admin_ID is an AS number. If the admin_ID is an AS number, the local_assignment can also be entered in the form of an IPv4 address.

Examples
  • These commands identify the administrator of the VRF named purple as AS 530 and assign 12 as its local number.
    switch(config)# router bgp 50
    switch(config-router-bgp)# vrf purple
    switch(config-router-bgp-vrf-purple)# rd 530:12
    switch(config-router-bgp-vrf-purple)#

  • These commands identify the administrator of the MAC-VRF named bundle1 as AS 530 and assign 12 as its local number.
    cvx(config)# router bgp 100
    cvx(config-router-bgp)# vni-aware-bundle bundle1
    cvx(config-macvrf-bundle1)# rd 530:12
    cvx(config-macvrf-bundle1)#

redistribute (BGP)

The redistribute command enables the redistribution of specified routes to the BGP domain.

The no redistribute and default redistribute commands disable route redistribution from the specified domain by removing the corresponding redistribute command from running-config.

Note: Aggregate routes are redistributed automatically, and their redistribution cannot be disabled.

Command Mode

Router-BGP Configuration

Command Syntax

redistribute ROUTE_TYPE [ROUTE_MAP]

no redistribute ROUTE_TYPE

default redistribute ROUTE_TYPE

Parameters
  • ROUTE_TYPE source from which routes are redistributed. Options include:
    • connected routes that are established when IP is enabled on an interface.
    • match nssa-external all OSPF NSSA external routes.
    • match nssa-external 1 type 1 OSPF NSSA external routes.
    • match nssa-external 2 type 2 OSPF NSSA external routes.
    • ospf internal routes from an OSPF domain.
    • ospf match external routes external to the AS, but imported from OSPF.
    • ospf match internal OSPF routes that are internal to the AS.
    • ospf match nssa-external all OSPF NSSA external routes.
    • ospf match nssa-external 1 type 1 OSPF NSSA external routes.
    • ospf match nssa-external 2 type 2 OSPF NSSA external routes.
    • ospf3 routes from an OSPFv3 domain.
    • ospf3 match external routes external to the AS, but imported from OSPFv3.
    • ospf3 match internal OSPFv3 routes that are internal to the AS.
    • rip routes from a RIP domain.
    • static IP static routes.
    • isis IS-IS routes. Sub-options include:
      • level-1 redistribute IS-IS level-1 routes.
      • level-1-2 redistribute IS-IS level-1 and level-2 routes.
      • level-2 redistribute IS-IS level-2 routes.
      • route-map route map reference.

        Note: While redistributing IS-IS routes into BGP, the level-1 or level-2 keyword can be used to selectively redistribute level-1 routes or level-2 routes into BGP. The level-1 or level-2 keyword is optional, and the command defaults to level-2 when it is not configured.

  • ROUTE_MAP route map that determines the routes that are redistributed. Options include:
    • no parameter all routes are redistributed.
    • route-map map_name only routes in the specified route map are redistributed.

Examples
  • These commands redistribute internal OSPF routes into the BGP domain.
    switch(config)# router bgp 1
    switch(config-router-bgp)# redistribute ospf
    switch(config-router-bgp)#

  • These commands redistribute ISIS routes into the BGP domain in the address-family mode.
    switch(config)# router bgp 1
    switch(config-router-bgp)# address-family ipv4
    switch(config-router-bgp-af)# redistribute isis level-1 route-map isis-to-bgp-v4
    switch(config-router-bgp-af)#

  • These commands redistribute ISIS routes into the BGP domain in the router-bgp mode.
    switch(config)# router bgp 1
    switch(config-router-bgp)# redistribute isis level-1 route-map isis-to-bgp
    switch(config-router-bgp)#

rib fib fec ecmp ordered

The rib fib fec ecmp ordered command is configured to enforce ordering of next hops as determined by the protocol agents in the FEC programmed for the route.

The no rib fib fec ecmp ordered command removes the Ordered FEC configuration from the running-config.

Command Mode

Router General Configuration Mode

Command Syntax

rib fib fec ecmp ordered

no rib fib fec ecmp ordered

Example

The rib fib fec ecmp ordered command configures the Ordered FEC feature on the switch.
switch(config)# router general
switch(config-router-general)# rib fib fec ecmp ordered
switch(config-router-general)#

router bgp

The router bgp command places the switch in router-BGP configuration mode. If BGP was not previously instantiated, this command creates a BGP instance with the specified AS number. Router-BGP configuration mode is not a group-change mode; running-config is changed immediately after commands are executed. The exit command does not affect the configuration.

When a BGP instance exists, the command must include the AS number of the existing BGP instance. Running this command with a different AS number generates an error message.

The no router bgp and default router bgp commands delete the BGP instance.

The exit command returns the switch to global configuration mode.

Command Mode

Global Configuration

Command Syntax

router bgp as_id

no router bgp

default router bgp

Parameter

as_id Autonomous System (AS) number. Values range from 1 to 4294967295.

Examples
  • This command creates a BGP instance with AS number 64500.
    switch(config)# router bgp 64500
    switch(config-router-bgp)#

  • This command attempts to open a BGP instance with a different AS number from that of the existing instance. The switch displays an error and stays in the global configuration mode.
    switch(config)# router bgp 64501
    % BGP is already running with AS number 64500
    switch(config)#

  • This command exits the bgp configuration mode.
    switch(config-router-bgp)# exit
    switch(config)#

  • This command deletes the BGP instance.
    switch(config)# no router bgp
    switch(config)#

router-id (BGP)

The router-id command sets the local router BGP router ID.

When no ID has been specified, the local router ID is set to the following:
  • the loopback IP address when a single loopback interface is configured.
  • the loopback with the highest IP address when multiple loopback interfaces are configured.
  • the highest IP address on a physical interface when no loopback interfaces are configured.

    Note: The router ID must be specified if the switch has no IPv4 addresses configured.

The no router-id and default router-id commands remove the router-id command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

router-id id_num

no router-id [id_num]

default router-id [id_num]

Parameter

id_num router ID number (32-bit dotted decimal notation).

Example

This command configures the fixed router ID address of 10.10.4.11.
switch(config)# router bgp 9
switch(config-router-bgp)# router-id 10.10.4.11
switch(config-router-bgp)#

set large-community

Large communities are an optional transitive attribute of variable length. There are no predefined large-community types or values. Large communities may be configured alongside standard and extended communities within route-maps using additional configuration commands.

Large community values (aa:nn:nn) must consist of three decimal values each in the range (0-4294967295). All three sub-values of a large community value must be present. As-plain and As-dot notation are supported for the leading ASN value.

The no and default versions of the command return the command to the original configuration.

Command Mode

Route map configuration

Command Syntax

set large-community [large-community-list LIST1 [[LIST2] [additive | delete]]]

no set large-community [large-community-list LIST1 [[LIST2] [additive | delete]]]

default set large-community [large-community-list LIST1 [[LIST2] [additive | delete]]]

Parameters

large-community-list Add a large community list entry.
  • LIST1 Name of large community list.
    • additive Adds to the existing community.
    • delete Deletes matching communities.

Examples
  • The following route-map sets a number of large-community values using both as-plain and as-dot notation.
    switch(config)# route-map LC permit 10
    switch(config-route-map-LC)# set large-community 10.10:20:30 40.40:50:60 1000:80:90

  • The following route-map adds additional large-community values.
    switch(config)# route-map LC permit 10
    switch(config-route-map-LC)# set large-community 50:50:50 51:51:51 additive

  • The following route-map removes the specified large-community values if they are present.
    switch(config)# route-map LC permit 10
    switch(config-route-map-LC)# set large-community 60:60:60 61:61:61 delete

  • The following route-map matches multiple large-community values from large-community lists (LC_a1 and LC_a2) and sets local-pref accordingly.
    switch(config)# ip large-community-list LC_1 permit 10:20:30 40:50:60
    switch(config)# ip large-community-list LC_2 permit 70:80:90
    switch(config)# route-map LC permit 10
    switch(config-map-LC)# match large-community LC_1 LC_2 exact_match
    switch(config-map-LC)# set local-pref 111

show bgp labeled-unicast tunnel

The show bgp labeled-unicast tunnel command displays the contents of the BGP Labeled-Unicast (LU) tunnel table. The user can optionally specify a tunnel index parameter to view the specific single tunnel information.

Command Mode

EXEC

Command Syntax

show bgp labeled-unicast tunnel tunnel_index

Parameter

tunnel_index index to view single tunnel information.

Examples
  • This command displays the BGP LU tunnel table.
    switch# show bgp labeled-unicast tunnel
    Index Endpoint   Nexthop  Interface   Labels          Contributing Metric Metric 2 Pref Pref 2
    ----- ---------- -------- ----------- --------------- ------------ ------ -------- ---- ------
    5     2.0.0.0/24 10.1.1.2 'Ethernet3' [ 123 899 900 ] Yes          0      100      200  0
    6     2.0.1.0/24 10.1.1.2 'Ethernet3' [ 400 500 600 ] Yes          0      100      200  0
    7     2.0.2.0/24 10.1.1.2 'Ethernet3' [ 400 500 600 ] Yes          0      100      200  0
    switch#

  • This command displays the BGP LU tunnel table for tunnel index 4.
    switch# show bgp labeled-unicast tunnel 4
    Index   Endpoint        Nexthop/Tunnel Index   Interface       Labels   Contributing Metric Metric 2  Pref  Pref 2
    ------  --------------- ---------------------- --------------- -------- ------------ ------ --------- ----- ------
    4       10.253.0.10/32  10.1.0.0               Port-Channel111 [ 3 ]     Yes          0      0        200    0
    
    switch#

show bgp convergence

The show bgp convergence command displays information about the Border Gateway Protocol (BGP) convergence state and other statistics about the BGP instance in the specified VRF or in all VRFs.

Command Mode

EXEC

Command Syntax

show bgp convergence [VRF_INSTANCE]

Parameters

VRF_INSTANCE specifies VRF instances. Options include:
  • no parameter displays BGP information for the context-active VRF.
  • vrf vrf_name displays BGP information for the specified VRF.
  • vrf all displays BGP information for all VRFs.
  • vrf default displays BGP information for the default VRF.

Examples
  • This command displays the output when no peers have joined before convergence.
    switch# show bgp convergence
    BGP Convergence information for VRF: default
    Configured convergence timeout: 00:02:30
    Configured convergence slow peer timeout: 00:00:55
    Convergence based update synchronization is enabled
    Last Bgp convergence event : None
    Bgp convergence state : Not Initiated (Waiting for the first peer to join)
     Convergence timer is not running
     Convergence timeout in use: 00:02:30
     Convergence slow peer timeout in use: 00:00:55
     First peer is not up yet
     All the expected peers are up: no
     All IGP protocols have converged: yes
     Outstanding EORs: 0, Outstanding Keepalives: 0
     Pending Peers: 2
     Total Peers: 2
     Established Peers: 0
     Disabled Peers: 0
     Peers that have not converged yet:
     IPv4 peers:
     201.1.1.1 (Session : Connect)
     202.1.1.1 (Session : Connect)
     IPv6 peers:
     None
    switch#

  • This command displays the output when the first peer has joined before convergence.
    switch# show bgp convergence
    BGP Convergence information for VRF: default
    Configured convergence timeout: 00:02:30
    Configured convergence slow peer timeout: 00:00:55
    Convergence based update synchronization is enabled
    Last Bgp convergence event 00:00:40 ago
    Bgp convergence state : Pending (Waiting for EORs/Keepalives from peer(s) and IGP 
    convergence)
     Convergence timer running, will expire in 00:01:50
     Convergence timeout in use: 00:02:30
     Convergence slow peer timeout in use: 00:00:55
     First peer came up 00:00:13 ago
     All the expected peers are up: no
     All IGP protocols have converged: yes
     Outstanding EORs: 0, Outstanding Keepalives: 0
     Pending Peers: 1
     Total Peers: 2
     Established Peers: 1
     Disabled Peers: 0
     Peers that have not converged yet:
     IPv4 peers:
     201.1.1.1 (Session : Active)
     IPv6 peers:
     None
    switch#

  • This command displays the output when the convergence timeout value is reached.
    switch# show bgp convergence
    BGP Convergence information for VRF: default
    Configured convergence timeout: 00:02:30
    Configured convergence slow peer timeout: 00:00:55
    Convergence based update synchronization is enabled
    Last Bgp convergence event 00:02:44 ago
    Bgp convergence state : Timeout reached
     Time taken to converge 00:02:30
     Pending Peers: 1
     Total Peers: 2
     Established Peers: 1
     Disabled Peers: 0
     Peers that did not converge before local bgp convergence:
     IPv4 peers:
     201.1.1.1 (Session : Active)
     202.1.1.1 (Session : Established)
     IPv6 peers:
     None
    switch#

  • This command displays the output during the converged state.
    switch# show bgp convergence
    BGP Convergence information for VRF: default
    Configured convergence timeout: 00:05:00
    Configured convergence slow peer timeout: 00:01:30
    Convergence based update synchronization is enabled
    Last Bgp convergence event 00:00:05 ago
    Bgp convergence state : Converged
     Time taken to converge 00:00:02
     First peer came up 00:00:05 ago
     Pending Peers: 0
     Total Peers: 3
     Established Peers: 3
     Disabled Peers: 0
     Peers that did not converge before local bgp convergence:
     IPv4 peers:
     None
     IPv6 peers:
     None
    switch#

show bgp flow-spec

The show bgp flow-spec ipv4 displays a brief description of each flowspec rule, including the matching rule and actions.

Command Mode

EXEC

Command Syntax

show bgp flow-spec [ipv4 | ipv6] [summary | detail] [vrf VRFNAME]

Parameters
  • ipv4 Displays information releated to IPv4.
  • ipv6 Displays information releated to IPv6.
  • summary Displays summarized BGP information.
  • detail Displays detailed information.
  • vrf VRFNAME Displays flow-spec information in the named VRF.

Related Command

show flow-spec

Examples
  • The show bgp flow-spec ipv4 summary command displays the count of flowspec rules received from each peer:

    switch(config)# show bgp flow-spec ipv4 summary
    BGP summary information for VRF default
    Router identifier 0.0.0.1, local AS number 10
    Neighbor Status Codes: m - Under maintenance
      Neighbor     V  AS    MsgRcvd   MsgSent  InQ OutQ  Up/Down State  RulesRcd RulesAcc
      10.0.0.2     4  10         12         4    0    0 00:02:18 Estab  2        2
      10.0.1.2     4  10          6         4    0    0 00:02:18 Estab  0        0

  • The show bgp flow-spec detail displays the full details of each flowspec rule including the peer(s) it was received from, BGP properties, and an expanded description of the matching rule:
    switch(config)# show bgp flow-spec ipv4 detail
    BGP Flow Specification rules for VRF default
    Router identifier 0.0.0.1, local AS number 10
    BGP Flow Specification Matching Rule for 10.2.3.0/24;*;
     Rule identifier: 3882065752
     Matching Rule:
       Destination Prefix: 10.2.3.0/24
       Source Prefix: *
     Paths: 1 available
      Local
        from 10.0.0.2 (10.1.1.2)
          Origin IGP, metric -, localpref 100, weight 0, valid, internal, best
          Actions: Drop
    BGP Flow Specification Matching Rule for 10.2.4.0/24;10.2.0.0/16;IP:=6|=17;DP:>1010&<1024;
     Rule identifier: 3882090640
     Matching Rule:
       Destination Prefix: 10.2.4.0/24
       Source Prefix: 10.2.0.0/16
       IP Protocol: =6 | =17
       Destination Port: >1010 & <1024
     Paths: 1 available
      Local
        from 10.0.0.2 (10.1.1.2)
          Origin IGP, metric -, localpref 100, weight 0, valid, internal, best
          Actions: Drop

show bgp instance

The show bgp instance command displays summary Border Gateway Protocol (BGP) information about the BGP instance in the specified VRF or in all VRFs.

Command Mode

EXEC

Command Syntax

show bgp instance [VRF_INSTANCE]

Parameters

VRF_INSTANCE specifies VRF instances. Options include:
  • no parameter displays BGP information for the context-active VRF.
  • vrf vrf_name displays BGP information for the specified VRF.
  • vrf all displays BGP information for all VRFs.
  • vrf default displays BGP information for the default VRF.

Examples
  • This command displays information about the BGP instance in the context-active VRF.
    switch# show bgp instance
    BGP instance information for VRF purple
    BGP Local AS:  64497, Router ID: 1.2.3.5
    Total peers:              5
    Configured peers:         3
      UnConfigured peers:     2
      Disabled peers:         0
      Established peers:      3
    Graceful restart helper mode enabled
    End of rib timer timeout: 00:05:00
    BGP Convergence timer is inactive
    BGP Convergence information:
        BGP has converged:no
        Outstanding EORs:0,Outstanding Keepalives: 0
        Convergence timeout: 00:10:00
    switch#

  • This command displays information about the BGP instance in the default VRF.
    switch# show bgp instance vrf default
    BGP instance information for VRF default
    BGP Local AS:  64503, Router ID: 1.2.3.5
    Total peers:              1
    Configured peers:         1
      UnConfigured peers:     0
      Disabled peers:         0
      Established peers:      0
    Graceful restart helper mode enabled
    End of rib timer timeout: 00:05:00
    BGP Convergence timer is inactive
    BGP Convergence information:
        BGP has converged:no
        Outstanding EORs:0,Outstanding Keepalives: 0
        Convergence timeout: 00:10:00
    switch#

show bgp neighbors history

The show bgp neighbors history command stores and displays a list of failed BGP connection attempts for each peer. This may be particularly useful while troubleshooting flappy connections. If enabling dynamic peering, the failure history records even after the peers are no longer present.

Command Mode

EXEC

Command Syntax

show bgp neighbors [PEER | PREFIX | peer-group PEER_GROUP] history [connect-failures | socket |][vrf VRF

Parameters
  • PEER An IPv4 or IPv6 valid address.
  • PREFIX An IPv4 or IPv6 valid prefix.
  • peer-group PEER_GROUP A peer group name.
  • connect-failures Optional and does not affect the result.
  • socket - TCP socket statistics.y
  • vrf VRF A VRF name. If it is not supplied, the command acts upon the VRF default.

Guidelines

Relevant error messages are recorded by default, without any configuration. To clear all messages for a peer or group of peers, though, use the command clear bgp history. The following output provides the syntax for this command:
switch# clear bgp [PEER|PREFIX|peer-group PEER_GROUP] history [connect-failures][vrf VRF]

If no peer, prefix, or peer-group is supplied, this command clears the history for all peers in the specified VRF.

  • The number of recorded messages is limited to eight per peer.
  • Only errors that occur prior to session establishment get recorded.
  • The show bgp neighbors history becomes available only with the multi-agent protocol model.

Related Command

clear bgp history

Example

For each peer, the address prints at the first line, along with the assigned VRF. Then, a table prints with the following columns:
  • Type - The peer connection type. May be Static or Dynamic.
  • AS - The remote Autonomous System number.
  • Time - The time of the failure, using the local timezone.
  • Event - A description related to the cause of the failed BGP connection.
switch> show bgp neighbors history
1.1.1.2 VRF default
Type      AS       Time                     Event
Static    65538    Mon 2019-05-13 04:16:24  Connect (No route to host)
Static    65538    Mon 2019-05-13 04:16:31  Connect (No route to host)
Static    65538    Mon 2019-05-13 04:16:39  Connect (No route to host)
Static    65538    Mon 2019-05-13 04:16:47  Connect (No route to host)
Static    65538    Mon 2019-05-13 04:16:55  Connect (No route to host)
Static    65538    Mon 2019-05-13 04:17:03  Connect (No route to host)
Static    65538    Mon 2019-05-13 04:18:17  bad AS number
Static    65538    Mon 2019-05-13 04:19:40  bad AS number

show bgp update-group

The show bgp update-group command displays how peers are grouped into update groups and can be used to verify that peers with different RCF functions with identical contents are grouped together.

Command Mode

EXEC

Command Syntax

show bgp update-group

Examples

This command displays information about how BGP peers are grouped into update groups.
switch# show bgp update-group
switch#

show flow-spec

The show flow-spec command displays an overall status of how many flowspec rules were received and how many were installed.

Command Mode

EXEC

Command Syntax

show flow-spec (ipv4 | ipv6) [summary][vrf VRFNAME]

Parameters
  • ipv4 Displays information releated to IPv4.
  • ipv6 Displays information releated to IPv6.
  • summary Displays summary of flow-spec rule.
  • vrf VRFNAME Displays flow-spec information in the named VRF.

Related Command

show bgp flow-spec

Examples
  • The show flow-spec ipv4 summary command displays an overall status of how many flowspec rules were received and how many were installed:
    switch(config)# show flow-spec ipv4 summary
    Flow specification rules summary for VRF default
      Total number of rules: 2
      Number of installed rules: 2

  • The show flow-spec ipv4 displays the installation status of the rule, and a counter of how many hits it has accumulated. This command also compiles the received flowspec rules into rules that can be programmed into the TCAM. For example, logical expressions on values such as the destination port are converted to ranges, as shown below:
    switch(config)# show flow-spec ipv4
    Flow specification rules for VRF default
    Applied on: Ethernet47/1
      Flow-spec rule: 10.2.3.0/24;*;
        Rule identifier: 3882065752
        Matches:
          Destination prefix: 10.2.3.0/24
        Actions:
          Police: 80 Mbps (10 MBps)                            
          Redirect: VRF customer1
                    Route via LDP tunnel index 4, MPLS label 100123
                    Route via LDP tunnel index 1, MPLS label 116507
        Status:
          Installed: yes
          Counter: 312 packets
      Flow-spec rule: 10.2.4.0/24;10.2.0.0/16;IP:=6|=17;DP:>1010&<1024;
        Rule identifier: 3882090640
        Matches:
          Destination prefix: 10.2.4.0/24
          Source prefix: 10.2.0.0/16
          Next protocol: 17
                         6
          Destination port: 1011-1023
        Actions:
          Police: 80 Mbps (10 MBps)                            
          Redirect: VRF customer1
                    Route via LDP tunnel index 4, MPLS label 100123
                    Route via LDP tunnel index 1, MPLS label 116507
        Status:
          Installed: yes
          Counter: 0 packets

show ip as-path access-list

The show ip as-path access-list command displays BGP filters on the switch. Specifying an access list displays the statements from that access list. Entering the command without parameters displays the statements from all access lists on the switch.

Command Mode

EXEC

Command Syntax

show ip as-path access-list [list_name]

Parameter

list_name the name of an AS path access list.

Example

This command displays the contents of the AS path access list named list1.
switch# show ip as-path access-list list1
ip as-path access-list list1 deny _3$
ip as-path access-list list1 permit .*
switch#

show ip bgp

The show ip bgp command displays Border Gateway Protocol (BGP) IPv4 routing table entries. The output format depends on the command parameters:
  • data-block format displays comprehensive information for each specified BGP routing-table entry.
  • tabular format displays routing-table entries for the specified IPv4 addresses.

Command Mode

EXEC

Command Syntax

show ip bgp [FILTER][VRF_INSTANCE]

Parameters
  • FILTER routing-table entries to display. Options include:
    • no parameter displays all routing-table entries in tabular format.
    • detail displays all routing-table entries in data-block format.
    • ipv4_addr displays IPv4 host address in data-block format.
    • PREFIX displays the route information of the specified IPv4 prefix in data block format. Options include:
      • detail ipv4_prefixdisplays the detailed route information of specified IPv4 prefix in data block format.
      • longer-prefixes ipv4_prefix displays the route information of IPv4 prefix in tabular block format.
      • longer-prefixes detail ipv4_prefix displays the detailed route information of specified IPv4 prefix in data block format.

    • community-list cmnty_list_name displays BGP routes filtered by the specified community list.
    • installed displays the information of installed BGP routes.
    • labeled-unicast displays the information of labeled-unicast BGP routes only.
    • not-installed displays the information of BGP routes that are not installed.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Guidelines

You must provide the IPv4 prefix in CIDR notation.

Examples
  • This command displays the BGP routing table with prefix “L” flag for all BGP LU route entries.
    switch# show ip bgp
    BGP routing table information for VRF default
    Router identifier 0.0.0.1, local AS number 100
    Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
    - ECMP head, e - ECMP
    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
    Origin codes: i - IGP, e - EGP, ? - incomplete
    AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
    Link Local Nexthop
    
            Network        Next Hop     Metric     LocPref     Weight     Path
    * > L   2.0.0.1/32     1.1.1.2      0          100         0          300 i
    * #     2.0.0.1/32     1.0.0.2      0          100         0          200 ?
    * > L   2.0.0.2/32     1.1.1.2      0          100         0          300 i
    * #     2.0.0.2/32     1.0.0.2      0          100         0          200 ?
    * > L   2.0.0.3/32     1.1.1.2      0          100         0          300 i
    * #     2.0.0.3/32     1.0.0.2      0          100         0          200 ?
    * > L   2.0.0.4/32     1.1.1.2      0          100         0          300 i
    * #     2.0.0.4/32     1.0.0.2      0          100         0          200 ?
    * > L   2.0.0.5/32     1.1.1.2      0          100         0          300 i
    * #     2.0.0.5/32     1.0.0.2      0          100         0          200 ?
    switch#

  • This command displays the routing-table information of unicast routes for a default VRF.
    switch# show ip bgp
    BGP routing table information for VRF default
    Router identifier 0.0.0.1, local AS number 100
    BGP routing table entry for 2.0.0.1/32
        Paths: 2 available
        300
            1.1.1.2 labels [ 101 102 103 104 ] from 1.1.1.2 (1.1.1.2)
            Origin IGP, metric 0, localpref 100, weight 0, valid, external, best
            Rx path id: 0x0
        200
            1.0.0.2 from 1.0.0.2 (0.0.1.1)
            Origin INCOMPLETE, metric 0, localpref 100, weight 0, valid, external, 
    not installed (labeled-route present)
    switch#

  • This command displays the BGP routing-table entry for the 10.100.1.0/24 network.
    switch# show ip bgp 10.100.1.0/24
    BGP routing table information for VRF default
    Router identifier 10.0.0.102, local AS number 64500
    BGP routing table entry for 10.100.1.0/24
     Paths: 1 available
      64496 64497 65536
        10.1.0.100 from 10.1.0.100 (10.0.0.100)
          Origin IGP, metric 0, localpref 100, IGP metric 1, weight 0, received 
    01:57:33 ago, valid, external, best
          Community: 655:23590 64496:1000
          Rx SAFI: Unicast
    switch#

  • This command displays the label stack associated with the route for a default VRF.
    switch# show ip bgp detail
    BGP routing table information for VRF default
    Router identifier 0.0.0.1, local AS number 100
    BGP routing table entry for 2.0.0.1/32
        Paths: 2 available
        200
            1.0.0.2 from 1.0.0.2 (0.0.1.1)
            Origin INCOMPLETE, metric 0, localpref 100, weight 0, valid, external, best
        300
            1.1.1.2 labels [ 101 102 103 104 ] from 1.1.1.2 (1.1.1.2)
            Origin IGP, metric 0, localpref 100, weight 0, valid, external
            Rx path id: 0x0
            Rx SAFI: Labels
            Tunnel RIB eligible
    switch#

  • This command displays the BGP routing-table entry for the 10.105.1.1/24 network, including the reason why the route was discarded by the best-path algorithm. The reason for discarding a route is preceded by the label “Not best:”.
    switch# show ip bgp 10.105.1.1/24 detail
    BGP routing table information for VRF default
    Router identifier 10.0.0.102, local AS number 64500
    Route status: [a.b.c.d] - Route is  queued for advertisement to peer.
    BGP routing table entry for 10.105.1.0/24
     Paths: 2 available
      64510
        10.2.0.101 from 10.2.0.101 (12.0.0.101)
          Origin IGP, metric 0, localpref 100, IGP metric 1, weight 0, received 
    00:00:58 ago, valid, external, best
          Rx SAFI: Unicast
      64496
        10.1.0.100 from 10.1.0.100 (10.0.0.100)
          Origin INCOMPLETE, metric 42, localpref 100, IGP metric 1, weight 0, received 
    00:00:33 ago, valid, external
          Rx SAFI: Unicast
          Not best: Origin
     Advertised to 2 peers:
      peer-group EXTERNAL:
        10.1.0.100
      peer-group INTERNAL:
        10.3.0.103
    switch#

show ip bgp community

The show ip bgp community command displays Border Gateway Protocol (BGP) routing table entries, filtered by community.

Command Mode

EXEC

Command Syntax

show ip bgp community COMM_1 [COMM_2... COMM_n][MATCH_TYPE][DATA_OPTION][VRF_INSTANCE]

Parameters
  • COMM_x community number or name, as specified in the route map that sets the community list number.
    • GSHUT well-known graceful shutdown community.
    • aa:nn AS and network number, separated by colon. Each value ranges from 1 to 4294967295.
    • comm_num community number. Values range from 1 to 4294967040.
    • internet advertises route to Internet community.
    • local-as advertises route only to local peers.
    • no-advertise does not advertise the route to any peer.
    • no-export advertises route only within BGP AS boundary.

  • MATCH_TYPE routes are filtered based on their communities. Options include:
    • no parameterroutes must match at least one community in the list.
    • exact route must match all communities and include no other communities.
    • regex display routes matching the regular expression of communities.

  • DATA_OPTION type of information the command displays. Options include:
    • no parameter displays table of the routing entry line items.
    • detail displays data block for each routing table entry.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Guidelines

The interpretation of regular expressions is always based on string mode but not on the ACL configuration.

Example

This command displays the BGP routing table entries with the community 64496:1000.
switch# show ip bgp community 64496:1000 detail
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
BGP routing table entry for 10.100.1.0/24
 Paths: 1 available
  64496 64497 65536
    10.1.0.100 from 10.1.0.100 (10.0.0.100)
      Origin IGP, metric 0, localpref 100, IGP metric 1, weight 0, received 00:03:16 ago, valid, external, best
      Community: 655:23590 64496:1000
      Rx SAFI: Unicast
switch#

show ip bgp installed

The show ip bgp installed command displays the list of installed routes in the RIB.

Command Mode

EXEC

Command Syntax

show ip bgp installed

Example

This command displays the list of installed routes in the RIB.
switch# show ip bgp installed   
BGP routing table information for VRF default  
Router identifier 1.0.0.2, local AS number 100  
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP  
                    S - Stale, c - Contributing to ECMP, b - backup  
Origin codes: i - IGP, e - EGP, ? - incomplete  
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop  
  
        Network             Next Hop         Metric  LocPref Weight Path  
 * >    6.0.0.0/24          1.0.0.1          0       100     0      ?    
switch#

show ip bgp neighbors (route type)

The show ip bgp neighbors (route type) command displays information for next-hop routes to a specified IPv4 neighbor. The show ip bgp neighbors (route-type) community command displays the same information for routes filtered by communities.

The output format depends on the selected FILTER parameter:
  • data-block format displays comprehensive information for each specified route.
  • tabular format displays routing table entries in tabular format for the specified IP addresses.

Commands that do not include a route type revert to the show ip bgp neighbors command.

Command Mode

EXEC

Command Syntax

show ip bgp neighbors neighbor_addr HOPDIRECT [FILTER] [VRF_INSTANCE]

show ip bgp neighbors neighbor_addr [ROUTE_TYPE] HOPDIRECT [detail]

Parameters
  • neighbor_addr location of the neighbor.
  • ROUTE_TYPE filters route on route type. Options include:
    • ipv4 unicast displays IPv4 unicast routes.
    • ipv6 unicast displays IPv6 unicast route.

  • HOPDIRECT filters route on the basis of direction from neighbor. Options include:
    • advertised-routes displays routes advertised to the specified neighbor.
    • received-routes displays routes received from the specified neighbor (accepted and rejected).
    • routes displays routes received and accepted from specified neighbor.

  • FILTER routing table entries that the command displays. Values include:
    • no parameter displays all routing table entries in tabular format.
    • detail displays all routing table entries in data-block format.
    • ipv4_addr displays IPv4 host address in data-block format.
    • ipv4_prefix displays the route information of specified IPv4 prefix in data-block format. Option includes:
      • longer-prefixes displays the route information of IPv4 prefix in data-block format.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Example

This command displays information for routes advertised to the neighbor at 10.3.0.103.
switch# show ip bgp neighbors 10.3.0.103 advertised-routes
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

         Network                Next Hop            Metric  LocPref Weight  Path
 * >     10.1.0.0/24            10.3.0.102            -       100     -       i
 * >     10.2.0.0/24            10.3.0.102            -       100     -       i
 * >     10.3.0.0/24            10.3.0.102            -       100     -       i
 * >     10.100.0.0/24          10.1.0.100            200     100     -       64496 i
 * >     10.100.1.0/24          10.1.0.100            -       100     -       64496 64497 65536 i
 * >     10.100.2.0/24          10.1.0.100            42      100     -       64496 ?
 * >     10.101.0.0/24          10.2.0.101            -       100     -       64510 i
 * >     10.101.1.0/24          10.2.0.101            -       100     -       64510 i
 * >     10.101.2.0/24          10.2.0.101            -       100     -       64510 i
switch#

show ip bgp neighbors (route-type) community

The show ip bgp neighbors (route type) community command displays information for next-hop routes to a specified neighbor. Routes are filtered by community.

The show ip bgp neighbors (route type) command displays the same information for routes filtered by IP addresses and subnets.

Command Mode

EXEC

Command Syntax

show ip bgp neighbors addr RTE community CM_1 [CM_2...CM_n][MATCH][INFO][VRF_INST]

Related Commands

Parameters
  • addr location of the neighbor.
  • RTE type of route that the command displays. Options include:
    • advertised-routes displays routes advertised to the specified neighbor.
    • received-routes displays routes received from the specified neighbor (accepted and rejected).
    • routes displays routes received and accepted from specified neighbor.

  • CM_x community number or name, as specified in the route map that sets the community list number. The command must list at least one of the following community identifiers:
    • GSHUT well-known graceful shutdown community.
    • aa:nn AS and network number, separated by colon. Each value ranges from 1 to 4294967295.
    • comm_num community number. Values range from 1 to 4294967040.
    • internet advertises route to Internet community.
    • local-as advertises route only to local peers.
    • no-advertise does not advertise route to any peer.
    • no-export advertises route only within BGP AS boundary.

  • MATCH routes are filtered based on their communities.
    • no parameter routes must match at least one community in the list.
    • exact route must match all communities and include no other communities.

  • INFO type of information the command displays. Values include:
    • no parameter displays table of routing entry line items.
    • detail displays data block for each routing table entry.

  • VRF_INST specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Example

This command lists the routes advertised to the neighbor at 10.3.0.103 with community 655:23590.
switch# show ip bgp neighbors 10.3.0.103 advertised-routes community 655:23590
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

         Network                Next Hop            Metric  LocPref Weight  Path
 * >     10.100.1.0/24          10.1.0.100            -       100     -       64496 64497 65536 i
switch#

show ip bgp neighbors regexp

The show ip bgp neighbors regexp command displays information for next-hop routes to a specified IPv4 neighbor that match the AS path attributes specified in the given regular expression.

Command Mode

EXEC

Command Syntax

show ip bgp neighbors addr RTE regexp as_paths [VRF_INST]

Parameters
  • addr location of the neighbor.
  • RTE type of route that the command displays. Options include:
    • advertised-routes displays routes advertised to the specified neighbor.
    • received-routes displays routes received from the specified neighbor (accepted and rejected).
    • routes displays routes received and accepted from specified neighbor.

  • as_paths list of AS paths, formatted as a regular expression. Regular expressions are pattern-matching strings that are composed of text characters and operators.
  • VRF_INST specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Example

This command lists the routes advertised to the neighbor at 10.3.0.103 where the AS path is 64496.
switch# show ip bgp neighbors 10.3.0.103 advertised-routes regex ^64496$
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP,  b - backup, L = labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST -Cluster List, LL Nexthop - Link Local Nexthop

        Network                Next Hop               Metric  LocPref Weight  Path
 * >     10.100.0.0/24       10.1.0.100       200     100     -       64496 i
 * >     10.100.2.0/24       10.1.0.100       42      100     -       64496 ?
switch#

show ip bgp neighbors

The show ip bgp neighbors command displays Border Gateway Protocol (BGP) and TCP-session data for a specified IPv4 BGP neighbor, or for all IPv4 BGP neighbors if an address is not specified.

Command Mode

EXEC

Command Syntax

show ip bgp neighbors [NEIGHBOR_ADDR] [VRF_INSTANCE]

Parameters
  • NEIGHBOR_ADDR location of the neighbors. Options include:
    • no parameter command displays information for all IPv4 BGP neighbors.
    • ipv4_addr command displays information for specified neighbor.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for the default VRF.

Examples
  • This command displays information of the neighbor at 10.1.0.100.
    switch# show ip bgp neighbors 10.1.0.100
    BGP neighbor is 10.1.0.100, remote AS 64496, external link
      BGP version 4, remote router ID 10.0.0.100, VRF default
      Inherits configuration from and member of peer-group EXTERNAL
      Negotiated BGP version 4
      Member of update group 3
      Last read 00:00:17, last write 00:00:18
      Hold time is 180, keepalive interval is 60 seconds
      Configured hold time is 180, keepalive interval is 60 seconds
      Connect timer is inactive
      Idle-restart timer is inactive
      BGP state is Established, up for 00:05:17
      Number of transitions to established: 1
      Last state was OpenConfirm
      Last event was RecvKeepAlive
      Neighbor Capabilities:
        Multiprotocol IPv4 Unicast: advertised and received and negotiated
        Four Octet ASN: advertised and received and negotiated
        Route Refresh: advertised and received and negotiated
        Send End-of-RIB messages: advertised and received and negotiated
        Additional-paths recv capability:
          IPv4 Unicast: advertised
        Additional-paths send capability:
          IPv4 Unicast: received
      Restart timer is inactive
      End of rib timer is inactive
      Message Statistics:
        InQ depth is 0
        OutQ depth is 0
                             Sent      Rcvd
        Opens:                  1         1
        Notifications:          0         0
        Updates:                4         4
        Keepalives:             7         7
        Route-Refresh:          0         0
        Total messages:        12        12
      Prefix Statistics:
                             Sent      Rcvd
        IPv4 Unicast:           9         4
        IPv6 Unicast:           0         0
        IPv4 SR-TE:             0         0
        IPv6 SR-TE:             0         0
      Inbound updates dropped by reason:
        AS path loop detection: 0
        Enforced First AS: 0
        Originator ID matches local router ID: 0
        Nexthop matches local IP address: 0
        Unexpected IPv6 nexthop for IPv4 routes: 0
        Nexthop invalid for single hop eBGP: 0
      Inbound updates with attribute errors:
        Resulting in removal of all paths in update (treat-as-withdraw): 0
        Resulting in AFI/SAFI disable: 0
        Resulting in attribute ignore: 0
      Inbound paths dropped by reason:
        IPv4 labeled-unicast NLRIs dropped due to excessive labels: 0
        IPv6 labeled-unicast NLRIs dropped due to excessive labels: 0
      Outbound paths dropped by reason:
        IPv4 local address not available: 0
        IPv6 local address not available: 0
    Local AS is 64500, local router ID 10.0.0.102
    TTL is 255, BGP neighbor may be upto 1 hops away
    Local TCP address is 10.1.0.102, local port is 179
    Remote TCP address is 10.1.0.100, remote port is 33171
    Auto-Local-Addr is disabled
    TCP Socket Information:
      TCP state is ESTABLISHED
      Recv-Q: 0/32768
      Send-Q: 0/32768
      Outgoing Maximum Segment Size (MSS): 1448
      Total Number of TCP retransmissions: 0
      Options:
        Timestamps enabled: yes
        Selective Acknowledgments enabled: yes
        Window Scale enabled: yes
        Explicit Congestion Notification (ECN) enabled: no
      Socket Statistics:
        Window Scale (wscale): 9,9
        Retransmission Timeout (rto): 204.0ms
        Round-trip Time (rtt/rtvar): 3.0ms/5.4ms
        Delayed Ack Timeout (ato): 40.0ms
        Congestion Window (cwnd): 10
        TCP Throughput: 39.20 Mbps
        Advertised Recv Window (rcv_space): 28960
    switch#

  • This command displays neighbor information for all neighbors.
    switch# show ip bgp neighbors
    BGP neighbor is 172.24.77.5, remote AS 100, external link
        BGP version 4, remote router ID 172.24.77.5, VRF default
    ...
        Neighbor Capabilities:
            Multiprotocol IPv4 Unicast: advertised
            Multiprotocol IPv4 Labeled Unicast: advertised and received and negotiated
            Four Octet ASN: advertised and received
            Route Refresh: advertised
            Send End-of-RIB messages: advertised
            Additional-paths Receive:
                IPv4 Unicast: advertised
                IPv4 Labeled Unicast: advertised
    ...
        Inbound updates dropped by reason:
            AS path loop detection: 0
            Enforced First AS: 0
            Malformed MPBGP routes: 0
            Originator ID matches local router ID: 0
            Nexthop matches local IP address: 0
            Unexpected IPv6 nexthop for IPv4 routes: 0
        Inbound paths dropped by reason:
            IPv4 labeled-unicast NLRIs dropped due to excessive labels: 0
    switch#

show ip bgp not-installed

The show ip bgp not-installed command displays the list of non-installed routes in the RIB.

Command Mode

EXEC

Command Syntax

show ip bgp not-installed

Example

This command displays the list of non-installed routes in the RIB.
switch# show ip bgp not-installed 
BGP routing table information for VRF default  
Router identifier 1.0.0.2, local AS number 100  
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E 
- ECMP head, e - ECMP  
                    S - Stale, c - Contributing to ECMP, b - backup  
Origin codes: i - IGP, e - EGP, ? - incomplete  
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - 
Link Local Nexthop  
  
        Network             Next Hop         Metric  LocPref Weight Path  
 * #    7.0.0.0/24          1.0.0.1          0       100     0      ?    
switch#

show ip bgp paths

The show ip bgp paths command displays all BGP AS paths in the database.

Command Mode

EXEC

Command Syntax

show ip bgp paths [VRF_INSTANCE]

Parameters

VRF_INSTANCE specifies VRF instances.
  • no parameter displays routing table for context-active VRF.
  • vrf vrf_name displays routing table for the specified VRF.
  • vrf all displays routing table for all VRFs.
  • vrf default displays routing table for default VRF.

Display Values
  • Refcount: number of routes using a listed path.
  • Metric: the path’s Multi Exit Discriminator (MED).
  • Path: the route’s AS path and its origin code.

Example

This command displays all BGP AS paths in the switch’s database.
switch# show ip bgp paths
Refcount Metric     Path
6        0          64510 64505 64506 64507 i (HashID 9)
6        0          64510 ? (HashID 8)
12       0          65530 65531 65532 e (HashID 5)
12       0          i (HashID 6)
6        0          64100 64200 i (HashID 4)
28       0          i (HashID 1)
7        0          ? (HashID 2)
40       0          64510 i (HashID 10)
19       0          64510 i (HashID 7)
2        0          i (HashID 3)
switch#

show ip bgp peer-group

The show ip bgp peer-group command displays the BGP version, address family, and group members for all BGP peer groups defined on the switch.

Command Mode

EXEC

Command Syntax

show ip bgp peer-group [GROUP][VRF_INSTANCE]

Parameters
  • GROUP peer group for which command displays information. Options include:
    • no parameter command displays information for all peer groups.
    • group_name name of peer group for which command displays information.

  • VRF_INSTANCE specifies VRF instances.
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Example

This command displays BGP peer group information for all peer groups on the switch.
switch# show ip bgp peer-group
BGP peer-group is EXTERNAL
  BGP version 4
  Static peer-group members:
    VRF default:
      10.1.0.100, state: Connect
        Negotiated MP Capabilities:
            IPv4 Unicast: No
            IPv6 Unicast: No
            IPv4 SR-TE: No
            IPv6 SR-TE: No
      10.2.0.101, state: Connect
        Negotiated MP Capabilities:
            IPv4 Unicast: No
            IPv6 Unicast: No
            IPv4 SR-TE: No
            IPv6 SR-TE: No
BGP peer-group is INTERNAL
  BGP version 4
  Listen-range subnets:
    VRF default:
      10.3.0.0/24, remote AS 64500
  Dynamic peer-group members:
    VRF default:
switch#

show ip bgp regexp

The show ip bgp regexp command displays Border Gateway Protocol (BGP) IPv4 routing-table entries that match the AS path attributes specified in the given regular expression.

Command Mode

EXEC

Command Syntax

show ip bgp regexp as_paths [VRF_INSTANCE]

Parameters
  • as_paths list of AS paths, formatted as a regular expression. Regular expressions are pattern matching strings that are composed of text characters and operators.

    Note: The AS delimiter (_) regular expression is not supported when BGP routes are filtered by community lists and the command output does not display BGP route information.

  • VRF_INSTANCE specifies the VRF instance of the BGP routing table to be displayed. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Example

This command displays information about the BGP IPv4 routes in the context-active VRF where the AS path is 64510.
switch# show ip bgp regex ^64510$
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP,  b - backup, L = labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST -Cluster List, LL Nexthop - Link Local Nexthop

        Network                Next Hop               Metric  LocPref Weight  Path
 *       10.2.0.0/24         10.2.0.101       0       100     0       64510 i
 * >     10.101.0.0/24       10.2.0.101       0       100     0       64510 i
 * >     10.101.1.0/24       10.2.0.101       0       100     0       64510 i
 * >     10.101.2.0/24       10.2.0.101       0       100     0       64510 i
switch#

show ip bgp summary

The show ip bgp summary command displays the summary of all IPv4 and IPv6 BGP neighbors based on exchanged Address Family Identifiers (AFI) and Subsequent Address Family Identifiers (SAFI) negotiations where AFI is “IP” and SAFI is “unicast” information.

Command Mode

EXEC

Command Syntax

show ip bgp summary [VRF_INSTANCE]

Parameters
  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Display Values

Header Row
  • BGP router identifier: the router identifier loopback address or highest IP address.
  • Local AS Number: AS number assigned to the switch.

Neighbor Table Columns
  • (First) Neighbor: neighbor’s IP address.
  • (Second) V: BGP version number.
  • (Third) AS: neighbor's AS number.
  • (Fourth) MsgRcvd: messages received from the neighbor.
  • (Fifth) MsgSent: messages sent to neighbor.
  • (Sixth) InQ: messages queued from neighbor.
  • (Seventh) OutQ: messages queued to send neighbor.
  • (Eighth) Up/Down: period the BGP session has been Established, or its current status.
  • (Ninth) State: State of the BGP session and the number of routes received from a neighbor.

After the maximum number of routes are received, the ninth field displays PfxRcd, and the connection becomes Idle. Maximum number of routes is set using the maximum paths (BGP) command.

Related Command

show ipv6 bgp summary

Example

This command displays the status of the switch’s BGP connections.
switch# show ip bgp summary
BGP summary information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Neighbor Status Codes: m - Under maintenance
  Neighbor         V  AS       MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  10.1.0.100       4  64496      1075      1083    0    0 00:04:04 Connect
  10.2.0.101       4  64510      1079      1088    0    0 00:04:14 Connect
switch#

show ip community-list

The show ip community-list command displays the BGP community lists configured on the switch.

Command Mode

EXEC

Command Syntax

show ip community-list [COMMUNITY_LIST]

Parameters

COMMUNITY_LIST community list for which command displays information. Options include:
  • no parameter command displays information for all community lists.
  • listname name of the community list (text string).

Example

This command displays the BGP paths in the switch’s database.
switch# show ip community-list hs-comm-list
ip community-list hs-comm-list permit 0:10
switch#

show ip extcommunity-list

The show ip extcommunity-list command displays the BGP extended community lists configured on the switch.

Command Mode

EXEC

Command Syntax

show ip extcommunity-list [COMMUNITY_LIST]

Parameters

COMMUNITY_LIST extended community list for which command displays information. Options include:
  • no parameter command displays information for all extended community lists.
  • listname command displays information for the specified extended community list.

Example

This command displays information for all extended extcommunity lists on the switch.
switch# show ip extcommunity-list
ip extcommunity-list hs-extcomm-list permit rt 3050:20
ip extcommunity-list hs-extcomm-list permit soo 172.17.52.2:30
ip extcommunity-list hs-extcomm-list permit rt 3050:70000
switch#

show ipv6 bgp

The show ipv6 bgp command displays IPv6 Border Gateway Protocol (BGP) routing-table entries. The output format depends on the command parameters:
  • data-block format displays comprehensive information for each specified BGP routing-table entry.
  • tabular format displays routing-table entries for specified IPv6 addresses.

Command Mode

EXEC

Command Syntax

show ipv6 bgp [FILTER][VRF_INSTANCE]

Parameters
  • FILTER routing table entries that the command displays. Options include:
    • no parameter displays all routing-table entries in tabular format.
    • detail displays all routing-table entries in data-block format.
    • ipv6_addr displays IPv6 host address in data-block format.
    • ipv6_prefix displays the route information of specified IPv6 prefix address in data-block format. Options include:
      • detail displays the detailed route information of specified IPv6 prefix address in data-block format.
      • longer-prefixes displays the route information of IPv6 prefix in data-block format.
      • longer-prefixes detail displays detailed route information of specified IPv6 prefix in data-block format.

    • community-list cmnty_list_name displays BGP routes filtered by the specified community list.
    • installed displays the information of installed BGP routes.
    • labeled-unicast displays the information of labeled-unicast BGP routes only.
    • not-installed displays the information of BGP routes that are not installed.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Guidelines

You must provide the IPv6 prefix in CIDR notation.

Related Command

show ip bgp

Example

This command displays the route information of 2001:10:1:0::102/64 in data-block format.
switch# show ipv6 bgp 2001:10:1:0::102/64
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
BGP routing table entry for 2001:10:1::/64
 Paths: 2 available
  Local
    - from - (10.0.0.102)
      Origin IGP, metric 1, localpref 0, IGP metric -, weight -, received 00:16:27 ago, valid, local, best, 
redistributed (Connected)
      Rx SAFI: Unicast
  64496
    2001:10:1::100 from 2001:10:1::100 (10.0.0.100)
      Origin INCOMPLETE, metric 42, localpref 100, IGP metric 1, weight 0, received 00:10:09 ago, valid, 
external
      Rx SAFI: Unicast
switch#

show ipv6 bgp match community

The show ipv6 bgp match community command displays IPv6 Border Gateway Protocol (BGP) routing-table entries, filtered by community.

Command Mode

EXEC

Command Syntax

show ipv6 bgp match community [COMM_1 ... COMM_n][MATCH_TYPE][INFO][VRF_INSTANCE]

Parameters
  • COMM_x community number or name, as specified in the route map that sets the community-list number. Options include:
    • aa:nn AS and network number, separated by colon. Each value ranges from 1 to 4294967295.
    • comm_num community number. Values range from 1 to 4294967040.
    • internet advertises route to Internet community.
    • local-as advertises route only to local peers.
    • no-advertise does not advertise route to any peer.
    • no-export advertises route only within BGP AS boundary.

  • MATCH_TYPE routes are filtered based on their communities. Options include:
    • no parameter routes must match at least one community in the list.
    • exact route must match all communities and include no other communities.

  • INFO type of information the command displays. Options include:
    • no parameter displays table of the routing entry-line items.
    • detail displays data block for each routing-table entry.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing-table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Example

This command displays information in data-block format for each routing-table entry with community 655:23590.
switch(config)# show ipv6 bgp match community 655:23590 detail
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
BGP routing table entry for 2001:10:100:1::/64
 Paths: 1 available
  64496 64497 65536
    2001:10:1::100 from 2001:10:1::100 (10.0.0.100)
      Origin IGP, metric 0, localpref 100, IGP metric 1, weight 0, received 01:09:29 ago, valid, external, best
      Community: 655:23590 64496:1000
      Rx SAFI: Unicast
switch(config)#

show ipv6 bgp peers

The show ipv6 bgp peers command displays IPv6 Border Gateway Protocol (BGP) and TCP session data for a specified neighbor. Command displays data for all neighbors if an address is not included.

Command Mode

EXEC

Command Syntax

show ipv6 bgp peers [NEIGHBOR_ADDR] [VRF_INSTANCE]

Parameters
  • NEIGHBOR_ADDR location of the neighbors. Options include:
    • no parameter command displays information for all neighbors.
    • ipv6_addr command displays information for the specified neighbor.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for the context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for the default VRF.

Related Command

show ip bgp peer-group

Example

This command displays information for the neighbor at 2001:10:1:0::100.
switch# show ipv6 bgp peers 2001:10:1:0::100
BGP neighbor is 2001:10:1::100, remote AS 64496, external link
  BGP version 4, remote router ID 10.0.0.100, VRF default
  Inherits configuration from and member of peer-group EXTERNAL
  Negotiated BGP version 4
  Member of update group 3
  Last read 00:00:01, last write 00:00:01
  Hold time is 180, keepalive interval is 60 seconds
  Configured hold time is 180, keepalive interval is 60 seconds
  Connect timer is inactive
  Idle-restart timer is inactive
  BGP state is Established, up for 00:12:01
  Number of transitions to established: 1
  Last state was OpenConfirm
  Last event was RecvKeepAlive
  Neighbor Capabilities:
    Multiprotocol IPv6 Unicast: advertised and received and negotiated
    Four Octet ASN: advertised and received and negotiated
    Route Refresh: advertised and received and negotiated
    Send End-of-RIB messages: advertised and received and negotiated
    Additional-paths recv capability:
      IPv6 Unicast: advertised
    Additional-paths send capability:
      IPv6 Unicast: received
  Restart timer is inactive
  End of rib timer is inactive
  Message Statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent      Rcvd
    Opens:                  1         1
    Notifications:          0         0
    Updates:                4         5
    Keepalives:            14        14
    Route-Refresh:          0         0
    Total messages:        19        20
  Prefix Statistics:
                         Sent      Rcvd
    IPv4 Unicast:           0         0
    IPv6 Unicast:           6         4
    IPv4 SR-TE:             0         0
    IPv6 SR-TE:             0         0
  Inbound updates dropped by reason:
    AS path loop detection: 0
    Enforced First AS: 0
    Originator ID matches local router ID: 0
    Nexthop matches local IP address: 0
    Unexpected IPv6 nexthop for IPv4 routes: 0
    Nexthop invalid for single hop eBGP: 0
  Inbound updates with attribute errors:
    Resulting in removal of all paths in update (treat-as-withdraw): 0
    Resulting in AFI/SAFI disable: 0
    Resulting in attribute ignore: 0
  Inbound paths dropped by reason:
    IPv4 labeled-unicast NLRIs dropped due to excessive labels: 0
    IPv6 labeled-unicast NLRIs dropped due to excessive labels: 0
  Outbound paths dropped by reason:
    IPv4 local address not available: 0
    IPv6 local address not available: 0
Local AS is 64500, local router ID 10.0.0.102
TTL is 1
Local TCP address is 2001:10:1::102, local port is 45983
Remote TCP address is 2001:10:1::100, remote port is 179
Auto-Local-Addr is disabled
TCP Socket Information:
  TCP state is ESTABLISHED
  Recv-Q: 0/32768
  Send-Q: 0/32768
  Outgoing Maximum Segment Size (MSS): 1428
  Total Number of TCP retransmissions: 0
  Options:
    Timestamps enabled: yes
    Selective Acknowledgments enabled: yes
    Window Scale enabled: yes
    Explicit Congestion Notification (ECN) enabled: no
  Socket Statistics:
    Window Scale (wscale): 9,9
    Retransmission Timeout (rto): 204.0ms
    Round-trip Time (rtt/rtvar): 1.4ms/2.7ms
    Delayed Ack Timeout (ato): 40.0ms
    Congestion Window (cwnd): 10
    TCP Throughput: 80.00 Mbps
    Advertised Recv Window (rcv_space): 28800
switch#

show ipv6 bgp peers (route type)

The show ipv6 bgp peers (route type) command displays information about the routes either advertised to or received from a specified IPv6 BGP neighbor. The show ipv6 bgp peers (route type) community command displays the same information for routes filtered by communities. Commands that do not include a route type revert to the show ipv6 bgp peers command.

The output format depends on the selected FILTER parameter:
  • data-block format displays comprehensive information for each specified route.
  • tabular format displays routing table entries in tabular format for the specified IP addresses.

Output produced by the longer-prefixes option includes the specified route and all more specific routes.

Command Mode

EXEC

Command Syntax

show ipv6 bgp peers neighbor_addr HOPDIRECT [FILTER] [VRF_INSTANCE]

show ipv6 bgp peers neighbor_addr [ROUTE_TYPE] HOPDIRECT [detail]

Parameters
  • neighbor_addr location of the neighbor.
  • ROUTE_TYPE filters route on route type. Options include:
    • ipv4 unicast displays IPv4 unicast routes.
    • ipv6 unicast displays IPv6 unicast routes.

  • HOPDIRECT filters route on the basis of direction from neighbor. Options include:
    • advertised-routes displays routes advertised to the specified neighbor.
    • received-routes displays routes received from the specified neighbor (accepted and rejected).
    • routes displays routes received and accepted from specified neighbor.

  • FILTER routing table entries that the command displays. Options include:
    • no parameter displays all routing table entries in tabular format.
    • detail displays all routing table entries in data-block format.
    • ipv6_addr displays the IPv6 host address in data-block format.
    • ipv6_prefix displays the route information of specified IPv6 prefix in data-block format. Additional option:
      • longer-prefixes displays the route information of IPv4 prefix in data-block format.

  • VRF_INSTANCE specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Related Commands

show ipv6 bgp peers (route type) community

Example

This command displays information of all routes advertised to the neighbor at 2001:10:1:0::100.
switch# show ipv6 bgp peers 2001:10:1:0::100 advertised-routes
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

         Network                Next Hop            Metric  LocPref Weight  Path
 * >     2001:10:1::/64         2001:10:1::102        -       -       -       64500 i
 * >     2001:10:2::/64         2001:10:1::102        -       -       -       64500 i
 * >     2001:10:3::/64         2001:10:1::102        -       -       -       64500 i
 * >     2001:10:101::/64       2001:10:1::102        -       -       -       64500 64510 i
 * >     2001:10:101:1::/64     2001:10:1::102        -       -       -       64500 64510 i
 * >     2001:10:101:2::/64     2001:10:1::102        -       -       -       64500 64510 i
switch#

show ipv6 bgp peers (route type) community

The show ipv6 bgp peers (route type) community command displays information about the routes either advertised to or received from a specified IPv6 BGP neighbor. The routes are filtered by community.

The show ipv6 bgp peers (route type) command displays the same information for routes filtered by IP addresses and prefixes.

Command Mode

EXEC

Command Syntax

show ipv6 bgp peers addr RTE community CM_1 [CM_2...CM_n] [MATCH] [INFO] [VRF_INST]

Parameters
  • addr neighbor location (IPv6 address).
  • RTE type of route that the command displays. Options include:
    • advertised-routes displays routes advertised to the specified neighbor.
    • received-routes displays routes received from the specified neighbor (accepted and rejected).
    • routes displays routes received and accepted from specified neighbor.

  • CM_x community number or name, as specified in the route map that sets the community list number. The command must list at least one of the following community identifiers:
    • GSHUT well-known graceful shutdown community.
    • aa:nn AS and network number, separated by colon. Each value ranges from 1 to 4294967295.
    • comm_num community number. Values range from 1 to 4294967040.
    • internet advertises route to Internet community.
    • local-as advertises route only to local peers.
    • no-advertise does not advertise route to any peer.
    • no-export advertises route only within BGP AS boundary.

  • MATCH routes are filtered based on their communities. Options include:
    • no parameter routes must match at least one community in the list.
    • exact route must match all communities and include no other communities.

  • INFO type of information the command displays. Values include:
    • no parameter displays table of the routing entry line items.
    • detail displays data block for each routing table entry.

  • VRF_INST specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Related Command

show ipv6 bgp peers

Example

This command lists the routes advertised to the neighbor at 2001:10:1:0::102 with the community 64496:1000.
switch# show ipv6 bgp peers 2001:10:1:0::102 advertised-routes community 64496:1000
BGP routing table information for VRF default
Router identifier 10.0.0.100, local AS number 64496
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

         Network                Next Hop            Metric  LocPref Weight  Path
 * >     2001:10:100:1::/64     2001:10:1::100        -       -       -       64496 64497 65536 i
switch#

show ipv6 bgp peers regexp

The show ipv6 bgp peers regexp command displays information about routes (advertised or received) from a specified IPv6 neighbor that match the AS-path attributes specified in the given regular expression.

Command Mode

EXEC

Command Syntax

show ipv6 bgp peers addr ROUTE regexp as_paths [VRF_INST]

Parameters
  • addr neighbor location (IPv6 address).
  • ROUTE type of route that the command displays. Options include:
    • advertised-routes displays routes advertised to the specified neighbor.
    • received-routes displays routes received from the specified neighbor (accepted and rejected).
    • routes displays routes received and accepted from specified neighbor.

  • as_paths list of AS paths, formatted as a regular expression. Regular expressions are pattern-matching strings that are composed of text characters and operators.

  • VRF_INST specifies VRF instances. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Example

This command displays information for routes received from the neighbor at 2001:10:1:0::100 which include AS number 64496 in their AS paths.
switch# show ipv6 bgp peers 2001:10:1:0::100 received-routes regex 64496
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

         Network                Next Hop              Metric  LocPref Weight Path
 *       2001:10:1::/64         2001:10:1::100        42      -       -      64496 ?
 * >     2001:10:100::/64       2001:10:1::100        200     -       -      64496 i
 * >     2001:10:100:1::/64     2001:10:1::100        -       -       -      64496 64497 65536 i
 * >     2001:10:100:2::/64     2001:10:1::100        42      -       -      64496 ?
switch#

show ipv6 bgp regexp

The show ipv6 bgp regexp command displays Border Gateway Protocol (BGP) IPv6 routing-table entries that match the AS-path attributes specified in the given regular expression.

Command Mode

EXEC

Command Syntax

show ipv6 bgp regexp as_paths [VRF_INSTANCE]

Parameters
  • as_paths slist of AS paths, formatted as a regular expression. Regular expressions are pattern matching strings that are composed of text characters and operators.
  • VRF_INSTANCE specifies the VRF instance of the BGP routing table to be displayed. Options include:
    • no parameter displays routing table for context-active VRF.
    • vrf vrf_name displays routing table for the specified VRF.
    • vrf all displays routing table for all VRFs.
    • vrf default displays routing table for default VRF.

Related Command

show ip bgp regexp

Examples

This command displays information about the BGP IPv6 routes in the context-active VRF that pass through AS 64496.
switch# show ipv6 bgp regex _64496_
BGP routing table information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Route status codes: s - suppressed, * - valid, > - active, # - not installed, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP,  b - backup, L = labeled-unicast
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST -Cluster List, LL Nexthop - Link Local Nexthop

        Network                Next Hop               Metric  LocPref Weight  Path
 *       2001:10:1::/64      2001:10:1::100   42      100     0       64496 ?
 * >     2001:10:100::/64    2001:10:1::100   200     100     0       64496 i
 * >     2001:10:100:1::/64  2001:10:1::100   0       100     0       64496 64497 65536 i
 * >     2001:10:100:2::/64  2001:10:1::100   42      100     0       64496 ?
switch#

show ipv6 bgp summary

The show ipv6 bgp summary command displays the summary of all IPv4 and IPv6 BGP neighbors based on Address Family Identifier (AFI) and Subsequent Address Family Identifier (SAFI) negotiations where AFI is “IPv6” and SAFI is “Unicast” information.

Command Mode

EXEC

Command Syntax

show ipv6 bgp summary [VRF_INSTANCE]

Parameters

VRF_INSTANCE specifies VRF instances. Options include:
  • no parameter displays routing table for context-active VRF.
  • vrf vrf_name displays routing table for the specified VRF.
  • vrf all displays routing table for all VRFs.
  • vrf default displays routing table for default VRF.

Display Values

Header Row
  • BGP router identifier: the router identifier; loopback address or highest IP address.
  • Local AS number: AS number assigned to switch.

Neighbor Table Columns
  • (First) Neighbor: neighbor’s IP address.
  • (Second) V: BGP version number.
  • (Third) AS: neighbor’s AS number.
  • (Fourth) MsgRcvd: messages received from the neighbor.
  • (Fifth) MsgSent: messages sent to neighbor.
  • (Sixth) InQ: messages queued from neighbor.
  • (Seventh) OutQ: messages queued to send neighbor.
  • (Eighth) Up/Down: period the BGP session has been Established, or its current status.
  • (Ninth) State: state of the BGP session and the number of routes received from a neighbor.
  • (Tenth) PfxRcd: the count of prefixes received by BGP per neighbor.
  • (Eleventh) PfxAcc: the count of prefixes added to the BGP RIB among all received prefixes.

Related Command

show ip bgp summary

Example

This command displays the status of the switch’s BGP connections.
switch# show ipv6 bgp summary
BGP summary information for VRF default
Router identifier 10.0.0.102, local AS number 64500
Neighbor Status Codes: m - Under maintenance
  Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  2001:10:1::100   4  64496             37        36    0    0 00:29:33 Estab   4      4
  2001:10:2::101   4  64510             35        38    0    0 00:29:37 Estab   4      4
switch#

show peer-filter

The show peer-filter command displays the definition of a peer filter.

Command Mode

EXEC

Command Syntax

show peer-filter filter_name

Parameter

filter_name name of the peer-filter group.

Example

This command displays the peer-filter group information for group3.
switch# show peer-filter group3
peer-filter group3
   10 match as-range 65003 result accept
   20 match as-range 65007 result accept
   30 match as-range 65009 result accept
switch#

show run|section bgp

When using the show run command, it displays the entire running configuration. Sometimes this is unnecessary, so to target your output you can use the show run|section bgp command which will display only the BGP section.

Command Mode

bgp-router

Command Syntax

show run | section bgp [name]

Parameter

name name of the peer-group.

Example

Once the peer group request are completed, then run the show run|section bgp command to display only the BGP section of the running configuration.

switch(config-router-bgp)# show run|section bgp router bgp 300
switch(config-router-bgp)# neighbor interface Et1-2,4-6 peer-group PG1 remote-as 100
switch(config-router-bgp)# neighbor interface Et3 peer-group PG2 remote-as 200
switch(config-router-bgp)# neighbor interface vlan2000-2002 peer-group PG1 remote-as 100

show tunnel rib brief

The show tunnel rib brief command displays the preferred tunnels for various IP endpoints, optionally filtered by endpoint. Each tunnel RIB entry in the output displays the type of the tunnel (such as BGP LU) and a numerical index uniquely identifying that tunnel within the type-specific tunnel table.

Command Mode

EXEC

Command Syntax

show bgp tunnel rib brief

Example

This command displays the tunnel type and the index value.
switch# show tunnel rib brief
Endpoint          Tunnel Type       Indexes
----------------- ----------------- -------
10.1.1.0/32       BGP LU            2
11.1.1.0/32       BGP LU            1, 3
switch#

shutdown (BGP)

The shutdown command disables BGP on the switch without modifying the BGP configuration.

The no shutdown and default shutdown commands enable the BGP instance by removing the shutdown command from running-config.

Command Mode

Router-BGP Configuration

Command Syntax

shutdown

no shutdown

default shutdown

Examples
  • These commands disable BGP on the switch.
    switch(config)# router bgp 9
    switch(config-router-bgp)# shutdown
    switch(config-router-bgp)#

  • These commands enable BGP on the switch.
    switch(config)# router bgp 9
    switch(config-router-bgp)# no shutdown
    switch(config-router-bgp)#

timers bgp

The timers bgp command configures the BGP keepalive and hold times.Timer settings apply to each peer connection. The neighbor timers command configures the times on a specified peer connection.
  • Keepalive time: period between the transmission of consecutive keepalive messages.
  • Hold time: period the switch waits for a keepalive or UPDATE message before it disables peering.

The hold time must be at least 3 seconds and should be three times longer than the keepalive setting.

The no timers bgp and default timers bgp commands return the time settings to their default values by removing the timers bgp command from running-config. The default values are:
  • keepalive: 60 seconds.
  • hold time: 180 seconds.

Command Mode

Router-BGP Configuration

Command Syntax

timers bgp keep_alive hold_time

no timers bgp

default timers bgp

Parameters
  • keep_alive keepalive period, in seconds. Values include:
    • 0 keepalive messages are not sent.
    • 1 to 3600 keepalive time (seconds).

  • hold_time hold time. Values include:
    • 0 peering is not disabled by timeout expiry; keepalive packets are not sent.
    • 3 to 7200 hold time (seconds).

Example

This command sets the keepalive time to 30 seconds and the hold time to 90 seconds.
switch(config)# router bgp 9
switch(config-router-bgp)# timers bgp 30 90
switch(config-router-bgp)#

update wait-for-convergence

The update wait-for-convergence command disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.

The no update wait-for-convergence command allows FIB updates and route advertisement irrespective of the BGP convergence state.

Command Mode

Router-BGP Configuration

Command Syntax

update wait-for-convergence

no update wait-for-convergence

default update wait-for-convergence

Related Commands
  • clear ip bgp removes learned BGP routes from the routing table, reads all routes from designated peers, and sends routes to those peers as required.
  • bgp convergence slow-peer time configures the BGP convergence idle peer timeout value.
  • bgp convergence time configures the BGP convergence timeout value.
  • show bgp convergence displays information about the BGP convergence state; and other statistics about the BGP instance in either the specified VRF or all VRFs.

Guidelines

The initiation of BGP instance includes the following scenarios:
  • the BGP instance starts for the first time after a switch is reloaded.
  • the BGP instance restarts.
  • all sessions are cleared by using the clear ip bgp * command.

Configuration changes made by using this command are effective from the next initiation of a BGP instance.

Example

This command disables FIB updates and route advertisement when the BGP instance is initiated until the BGP convergence state is reached.
switch(config)# router bgp 9
switch(config-router-bgp)# update wait-for-convergence
switch(config-router-bgp)#

update wait-install

The update wait-install command causes BGP to defer the advertisement of routes until the routes have been programmed in hardware. This applies to new routes and does not affect routes that have already been advertised to peers.

vrf

The vrf command places the switch in BGP VRF configuration mode for the specified VRF. Commands issued in this mode will override global BGP configuration for the specified VRF.

Command Mode

Router-BGP Configuration

Command Syntax

vrf vrf_instance

Parameter

vrf_instance VRF to be configured.

Example

These commands place the switch in BGP VRF configuration mode for VRF purple.
switch(config)# router bgp 9
switch(config-router-bgp)# vrf purple
switch(config-router-bgp-vrf-purple)#