Border Gateway Protocol (BGP) is an exterior gateway protocol which is designed to transfer routing information between routers. It maintains and propagates a table of routes which designates network reachability among autonomous systems (ASs).
BGP neighbors, or peers, are routers manually configured to talk BGP over a TCP session on port 179. A BGP speaker periodically sends keep-alive messages to maintain the connection. Network reachability information includes forwarding destinations (IPv4 or IPv6) together with the list of ASs the information has traversed and other attributes, so it is possible to construct a graph of AS connectivity without routing loops. BGP makes it possible to apply policy rules that enforce the connectivity graph.
BGP routers communicate through a TCP connection on port 179. A connection between BGP neighbors is configured manually, or can be established dynamically by configuring dynamic listen groups. When BGP runs between two peers in the same AS, it is referred to as Internal BGP (iBGP, or Interior Border Gateway Protocol). When it runs between separate ASs, it is called External BGP (eBGP, or Exterior Border Gateway Protocol). Either side can initiate the connection. Once initial connectivity exists, the BGP state machine drives both sides into the ESTABLISHED state, where they can exchange UPDATE messages carrying reachability information.
In order to make decisions in its operations with peers, a BGP peer uses a simple finite state machine (FSM) that consists of six states: Idle; Connect; Active; OpenSent; OpenConfirm; and Established. For each peer-to-peer session, a BGP implementation maintains a state variable that tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another.
The first state is “Idle”. In the “Idle” state, BGP initializes all resources, refuses all inbound BGP connection attempts and initiates a TCP connection to the peer. The second state is “Connect”. In the “Connect” state, the router waits for the TCP connection to complete and transitions to the “OpenSent” state if it succeeds. If it fails, the router initializes the ConnectRetry timer and transitions to the “Active” state when the timer expires. In the “Active” state, the router resets the ConnectRetry timer to zero and returns to the “Connect” state. In the “OpenSent” state, the router sends an Open message and waits for one in return in order to transition to the “OpenConfirm” state. KeepAlive messages are then exchanged and, upon successful receipt, the router is placed into the “Established” state. In the “Established” state, the router can send and receive KeepAlive, Update and Notification messages to and from its peer.
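The six states and the events that move a session between them, as an added Python model (not from this page or any vendor implementation): event names such as tcp_connected and connect_retry_expired are this example's own, no timers actually run, and the hold-timer, NOTIFICATION and TCP-loss transitions back to Idle are taken from RFC 4271 rather than from the text above.

```python
from enum import Enum

class State(Enum):
    IDLE = "Idle"
    CONNECT = "Connect"
    ACTIVE = "Active"
    OPEN_SENT = "OpenSent"
    OPEN_CONFIRM = "OpenConfirm"
    ESTABLISHED = "Established"

# (current state, event) -> (next state, action), following the description
# above. Event names are this example's own; no timers actually run, the
# caller feeds "connect_retry_expired" / "hold_timer_expired" as events.
TRANSITIONS = {
    (State.IDLE, "start"): (State.CONNECT, "init resources; open TCP to peer"),
    (State.IDLE, "inbound_tcp"): (State.IDLE, "refuse inbound connection"),
    (State.CONNECT, "tcp_connected"): (State.OPEN_SENT, "send OPEN"),
    (State.CONNECT, "connect_retry_expired"): (State.ACTIVE, "restart ConnectRetry timer"),
    (State.ACTIVE, "connect_retry_expired"): (State.CONNECT, "reset ConnectRetry; retry TCP"),
    (State.ACTIVE, "tcp_connected"): (State.OPEN_SENT, "send OPEN"),
    (State.OPEN_SENT, "open_received"): (State.OPEN_CONFIRM, "send KEEPALIVE"),
    (State.OPEN_CONFIRM, "keepalive_received"): (State.ESTABLISHED, "session up"),
    (State.ESTABLISHED, "keepalive_received"): (State.ESTABLISHED, "restart hold timer"),
    (State.ESTABLISHED, "update_received"): (State.ESTABLISHED, "process NLRI"),
}
# Any of these tears the session down from every non-Idle state (RFC 4271).
RESET_EVENTS = {"notification_received", "tcp_closed", "hold_timer_expired"}

class BgpSession:
    def __init__(self):
        self.state = State.IDLE

    def handle(self, event):
        if self.state is not State.IDLE and event in RESET_EVENTS:
            nxt = State.IDLE                       # release resources; drop TCP
        elif (self.state, event) in TRANSITIONS:
            nxt, _action = TRANSITIONS[(self.state, event)]
        elif self.state is State.IDLE:
            nxt = State.IDLE                       # Idle only reacts to "start"
        else:
            # A message that is not valid in this state (e.g. UPDATE before the
            # OPEN exchange) is an FSM error: NOTIFICATION is sent, back to Idle.
            nxt = State.IDLE
        self.state = nxt
        return nxt

def run(events):
    """Drive a fresh session through a list of events; return the state path."""
    session = BgpSession()
    return [session.handle(e) for e in events]
```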
Default Address Family
Default Address Family defines which address family is activated when peer or peer-group becomes active.
Modifying the default address family configuration causes a renegotiation of capabilities with all neighbors that do not have an explicit configuration of active address families. The default address family in BGP is IPv4.
Default Route Originate
The initial value of Default Route Originate is “false”.
Peer Groups and Update Groups
Any BGP peer can be defined as a member of a peer group; it then inherits the peer group configuration, or can have its own configuration.
The system automatically generates update groups from the members of peer groups.
A peer whose outbound policy differs from that of its peer group is not placed in the peer group's update group.
Follow these steps for basic BGP configuration on two switches (Router 1 and Router 2):
Enable IP routing functionality. Run:
switch (config)# ip routing
Enable the desired VLAN. Run:
switch (config)# vlan 10
The same VLAN must be configured on both switches.
Add this VLAN to the desired interface. Run:
switch (config)# interface ethernet 1/1
switch (config interface ethernet 1/1)# switchport access vlan 10
Create a VLAN interface. Run:
switch (config)# interface vlan 10
Apply IP address to the VLAN interface on Router 1. Run:
switch (config interface vlan 10)# ip address 10.10.10.1 /24
Apply IP address to the VLAN interface on Router 2. Run:
switch (config interface vlan 10)# ip address 10.10.10.2 /24
Enable the interface. Run:
switch (config interface vlan 10)# no shutdown
Enable BGP. Run:
switch (config)# protocol bgp
Configure an AS number that identifies the BGP router. Run:
switch (config)# router bgp 100
To run iBGP, the AS number of all remote neighbors should be identical to the local AS number of the configured router.
Configure BGP Router 1 neighbor. Run:
switch (config router bgp 100)# neighbor 10.10.10.2 remote-as 100
Configure BGP Router 2 neighbor. Run:
switch (config router bgp 100)# neighbor 10.10.10.1 remote-as 100
Check the general status of BGP. Run:
switch (config)# show ip bgp summary
BGP summary information for VRF default, address family IPv4
BGP router identifier 10.10.10.1, local AS number 100
BGP table version is 100, main routing table version 100
0 network entries using 0 bytes of memory
0 path entries using 0 bytes of memory
0 BGP AS-PATH entries using 0 bytes of memory
0 BGP community entries using 0 bytes of memory
0 BGP extended community entries using 0 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.10.2 0 100 100 76 3 0 0 00:0:10:19 ESTABLISHED
switch (config)#
• Verify that each BGP neighbor has reached the ESTABLISHED state.
• If a neighbor is disabled (shutdown), its state is IDLE.
• The BGP incoming and outgoing message counters (MsgRcvd, MsgSent) should be incrementing.
• Verify that the AS number shown for each neighbor is the expected one.
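The four checks above can be automated over saved 'show ip bgp summary' output. This is an added example, not vendor tooling; the two snapshots are constructed to match the column layout shown above, and the row regex assumes that layout.

```python
import re

# Constructed snapshots shaped like the 'show ip bgp summary' output above
# (not a real capture); the second one was taken a little later.
SNAPSHOT_T0 = """\
BGP summary information for VRF default, address family IPv4
BGP router identifier 10.10.10.1, local AS number 100
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.10.10.2 4 100 100 76 3 0 0 00:0:10:19 ESTABLISHED
10.10.10.3 4 200 12 15 3 0 0 00:0:01:02 IDLE
"""
SNAPSHOT_T1 = SNAPSHOT_T0.replace("100 100 76", "100 104 79")

# Neighbor rows: peer V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State
ROW = re.compile(
    r"^(?P<peer>\d+\.\d+\.\d+\.\d+)\s+\d+\s+(?P<asn>\d+)\s+(?P<rcvd>\d+)\s+"
    r"(?P<sent>\d+)\s+\d+\s+\d+\s+\d+\s+\S+\s+(?P<state>\S+)\s*$"
)

def parse_summary(text):
    """Map each neighbor to its AS, message counters and session state."""
    peers = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            peers[m["peer"]] = {"asn": int(m["asn"]), "rcvd": int(m["rcvd"]),
                                "sent": int(m["sent"]), "state": m["state"].upper()}
    return peers

def check_peers(before, after, expected_as):
    """Apply the checks listed above to two parsed snapshots.

    expected_as maps neighbor -> the AS configured with 'remote-as'.
    Returns a list of findings; an empty list means every check passed.
    """
    findings = []
    for peer, asn in expected_as.items():
        old, new = before.get(peer), after.get(peer)
        if new is None:
            findings.append(f"{peer}: missing from summary")
            continue
        if new["asn"] != asn:
            findings.append(f"{peer}: shows AS {new['asn']}, expected {asn}")
        if new["state"] != "ESTABLISHED":
            findings.append(f"{peer}: state {new['state']} (a shutdown neighbor shows IDLE)")
        if old and new["rcvd"] <= old["rcvd"] and new["sent"] <= old["sent"]:
            findings.append(f"{peer}: MsgRcvd/MsgSent not incrementing")
    return findings
```

With a single snapshot (pass an empty dict as before), the counter check is skipped and only AS, presence and state are verified.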
Check the status of the neighbors. Run:
switch (config)# show ip bgp neighbors
BGP neighbor is 10.10.10.2, remote AS 100, external link
BGP version 0, remote router ID 0.0.0.0
BGP State = ESTABLISHED
Last read 0:00:00:00, last write 0:00:00:00, hold time is 180, keepalive interval is 60 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Minimum holdtime from neighbor is 0 seconds
You should be able to see running BGP counters and ESTABLISHED state per active neighbor.
Ethernet Virtual Private Network
Ethernet Virtual Private Network (EVPN) technology provides L2 and L3 VPN services by advertising Ethernet MAC addresses and IP routes over a BGP address family. This technology supports multiple forwarding planes, including VXLAN.
The BGP Layer-2 EVPN address family distributes EVPN “routes” between EVPN-enabled nodes, some of which are Virtual Tunnel Endpoints (VTEPs) with VXLAN functionality and some of which are transit nodes that perform BGP route reflection.
The following route types are defined by RFC 7432:
- MAC/IP advertisement route (route type 2) – advertises the MAC and IP addresses of end systems and their mapping to broadcast domains (VXLAN VNIs and EVPN EVIs). It is used for unicast forwarding, ARP suppression, and advertising the default gateway in the EVPN network.
- Inclusive multicast Ethernet tag route (route type 3) – advertises the EVPN bridge domain (EVI) and the originating router IP address. The EVPN network uses those addresses to instantiate the forwarding plane for BUM (Broadcast, unknown Unicast, unknown Multicast) traffic.
- IP prefix route (route type 5) – advertises an IP prefix, IP gateway, IP address, and HW encapsulation (the VNI in the case of VXLAN). This route is used to establish IP prefix LPM routing in the EVPN nodes.
Other route types (type 1 and 4) are used in multi-homing environments only.
RFC 7432 defines BGP attributes to be used together with Layer-2 EVPN address family routes:
- PMSI tunnel attribute – used with the inclusive multicast Ethernet tag route to define the multicast type (head-end replication) and data path (VNI)
- MAC mobility extended community – used in MAC/IP routes to inform neighbors about MAC roaming events
- Default gateway – used by the MAC/IP route to establish default gateway routes
- Route targets – used by all routes to control the import and export of BGP Layer-2 VPN routes to and from the forwarding plane
The BGP unnumbered feature enables a user to establish a BGP session over a P2P Layer-3 link (port or port-channel) without specifying the remote neighbor's IP address or its ASN.
Because the Layer-3 link runs IPv6, the system uses the IPv6 link-local addresses that each IPv6 interface of the local and remote peer generates automatically. These addresses are used to establish the BGP TCP session. The ASN is ignored during BGP session establishment.
Once the IPv6 BGP session is established, the system can exchange IPv4 NLRIs (prefixes) over it, using the IPv6 link-local neighbor address as the next hop. The system associates the IPv6 link-local address with that neighbor, so that the neighbor is used as the next hop for the routes.
This feature is useful when provisioning a big data center fabric:
- It does not require allocation of an IP subnet on each pair of connected switches
- It simplifies large-scale configuration and automation
The remote link-local neighbor address must be present in the local neighbor cache. It can be populated in any way (ping, static configuration, etc.); it is recommended to use the router's IPv6 Router Advertisement capability so that the address is populated and refreshed periodically.
Only one neighbor should be available. If more than one exists, one of them is randomly selected.
An ARP entry for 169.254.101.101 is automatically created on each interface on which BGP Unnumbered is configured.
switch (config) # show ip arp
VRF Name default:
Total number of entries: 3
------------------------------------------------------------------------------------
Address Type Hardware Address Interface
------------------------------------------------------------------------------------
. . .
169.254.101.101 Static ETH 24:8A:07:7B:85:08 eth 1/17
. . .
BGP unnumbered uses 169.254.101.101 as the unnumbered next hop. Therefore, while BGP unnumbered is in use, do not use this address anywhere in your topology as:
- The interface's IPv4 addresses
- The prefix or nexthop of static routes
- The ARP neighbor address
IBGP is not supported for BGP unnumbered.
Configuring BGP Unnumbered
For a basic BGP unnumbered configuration, do the following:
Enable IP routing and IPv6 routing
ip routing vrf default
ipv6 routing vrf default
Configure a vrf loopback interface
interface loopback 1
interface loopback 1 ip address 184.108.40.206/32 primary
interface vrf default ip address alias loopback1
Enable IP and IPv6 forwarding on interface
interface ethernet 1/2 no switchport force
interface ethernet 1/2 ip enable
interface ethernet 1/2 ipv6 enable
no interface ethernet 1/2 ipv6 nd ra suppress
protocol bgp
router bgp 200 vrf default
Enable BGP unnumbered interfaces
router bgp 200 vrf default neighbor interface ethernet 1/2
Verify that the session came up.
switch (config) # show ip bgp neighbors interface ethernet 1/2
BGP neighbor: ethernet 1/2 (fe80::268a:7ff:fe7b:8508), remote AS: 100, link: external:
BGP version : 4
Configured hold time in seconds : 180
keepalive interval in seconds (configured) : 60
keepalive interval in seconds (established with peer): 60
Minimum holdtime from neighbor in seconds : 180
Peer group :
Neighbor configuration:
------------------------------------------------------------------------
Configuration IPV4 Unicast IPV6 Unicast L2VPN EVPN
------------------------------------------------------------------------
Configured AFI SAFI Enabled Disabled Disabled
Send Community Disabled Disabled Disabled
Send Extended Community Disabled Disabled Disabled
Route Reflection Disabled Disabled Disabled
Next Hop Unchanged Disabled Disabled Disabled
Extended next hop IPv4 Disabled Enabled Disabled
Neighbor capabilities:
Route Refresh : advertise and received
Enhanced Route Refresh : advertise and received
Soft Reconfiguration : Disabled
Graceful Restart Capability: advertise and received
Address family IPv4 Unicast: advertise and received
Address family IPv6 Unicast: n/a
Address family L2VPN EVPN : n/a
Extended next hop IPv4 : advertise and received
Message statistics:
InQ depth : 0
OutQ depth: 0
......
Connection Information:
Connections established : 1
Dropped : 0
Last Reset : 0:00:00:36
Last Drop Reason : 0 (0)
Maximum hops to external BGP neighbor: 1
Connection State : ESTABLISHED
Local host : fe80::268a:7ff:fe7b:8408
Local port : 43870
Foreign host : ethernet 1/2 (fe80::268a:7ff:fe7b:8508)
Remote port : 179
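Two checks that follow from the unnumbered description above, as an added example (not vendor code): the neighbor address in the 'show ip bgp neighbors' output is the modified EUI-64 link-local address derived from the peer MAC seen in the ARP table (the MAC 24:8A:07:7B:85:08 from the ARP output yields fe80::268a:7ff:fe7b:8508 as shown), and a flat configuration can be scanned for the three forbidden uses of 169.254.101.101. The static route and ARP command syntax in the sample lines is assumed, not taken from the page.

```python
import ipaddress
import re

UNNUMBERED_NEXTHOP = ipaddress.IPv4Address("169.254.101.101")

def eui64_link_local(mac):
    """Link-local address an interface derives from its MAC (modified EUI-64)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02                                     # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])  # insert ff:fe in the middle
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid)

def peer_address_matches(arp_mac, bgp_neighbor_addr):
    """True if the neighbor address BGP reports is the EUI-64 address of the
    MAC the ARP table shows on that interface."""
    return eui64_link_local(arp_mac) == ipaddress.IPv6Address(bgp_neighbor_addr)

# Constructed config lines in the flat style of the steps above; the command
# syntax of the last three lines is assumed, not taken from the page. They
# are the three uses of 169.254.101.101 the text says to avoid.
SAMPLE_CONFIG = """\
interface ethernet 1/2 ipv6 enable
router bgp 200 vrf default neighbor interface ethernet 1/2
interface ethernet 1/3 ip address 169.254.101.101/30 primary
ip route vrf default 10.0.0.0/8 169.254.101.101
ip arp 169.254.101.101 00:11:22:33:44:55 interface ethernet 1/4
"""
CHECKS = [
    ("interface IPv4 address", re.compile(r"^interface \S+ \S+ ip address (\S+)")),
    ("static route prefix or next hop", re.compile(r"^ip route(?: vrf \S+)? (\S+) (\S+)")),
    ("ARP neighbor address", re.compile(r"^ip arp (\S+)")),
]

def find_nexthop_conflicts(config):
    """Return (line, what) for each config line that reuses the unnumbered next hop."""
    hits = []
    for line in config.splitlines():
        for what, pat in CHECKS:
            m = pat.match(line)
            if not m:
                continue
            try:
                used = {ipaddress.ip_interface(f).ip for f in m.groups()}
            except ValueError:                       # a field was not an address
                continue
            if UNNUMBERED_NEXTHOP in used:
                hits.append((line, what))
    return hits
```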
Additional Reading and Use Cases
For more information about this feature and its potential applications, please refer to the following community posts: