Border Gateway Protocol (BGP) is an exterior gateway protocol which is designed to transfer routing information between routers. It maintains and propagates a table of routes which designates network reachability among autonomous systems (ASs).
BGP neighbors, or peers, are routers configured manually to converse using the BGP protocol on top of a TCP session on port 179. A BGP speaker periodically sends keep-alive messages to maintain the connection. Network reachability includes such information as forwarding destinations (IPv4 or IPv6) together with a list of ASs that this information traverses and other attributes, so it becomes possible to construct a graph of AS connectivity without routing loops. BGP makes it possible to apply policy rules to enforce the connectivity graph.
BGP routers communicate through a TCP connection on port 179. The connection between BGP neighbors is configured manually or can be established dynamically by configuring dynamic listen groups. When BGP runs between two peers in the same AS, it is referred to as Internal BGP (iBGP, or Interior Border Gateway Protocol). When it runs between separate ASs, it is called External BGP (eBGP, or Exterior Border Gateway Protocol). Both sides can initiate a connection. After the initial connectivity is created, the BGP state machine drives both sides into the ESTABLISHED state, where they can exchange UPDATE messages with reachability information.
In order to make decisions in its operations with peers, a BGP peer uses a simple finite state machine (FSM) that consists of six states: Idle; Connect; Active; OpenSent; OpenConfirm; and Established. For each peer-to-peer session, a BGP implementation maintains a state variable that tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another.
The first state is the “Idle” state. In “Idle” state, BGP initializes all resources, refuses all inbound BGP connection attempts and initiates a TCP connection to the peer. The second state is “Connect”. In the “Connect” state, the router awaits the TCP connection to complete and transitions to the “OpenSent” state if successful. If unsuccessful, it initializes the ConnectRetry timer and transitions to the “Active” state upon expiration. In the “Active” state, the router resets the ConnectRetry timer to zero and returns to the “Connect” state. In the “OpenSent” state, the router sends an Open message and waits for one in return in order to transition to the “OpenConfirm” state. KeepAlive messages are exchanged and, upon successful receipt, the router is placed into the “Established” state. In the “Established” state, the router can send/receive: KeepAlive; Update; and Notification messages to/from its peer.
The default address family defines which address family is activated when a peer or peer group becomes active.
Modifying the default address family configuration causes a renegotiation of capabilities for all neighbors that do not have an explicit configuration of active address families. The default address family in BGP is IPv4.
Default Route Originate initial value is set to “false”.
Any BGP peer can be defined as part of a peer group and it will inherit peer group configuration or have its own configuration.
The system automatically generates an update group from the members of a peer group.
A peer that has a different outbound policy from its peer group will not become part of the update group.
Follow these steps for basic BGP configuration on two switches (Router 1 and Router 2):
Enable IP routing functionality. Run:
switch(config)# ip routing
Enable the desired VLAN. Run:
The same VLAN must be configured on both switches.
Add this VLAN to the desired interface. Run:
1)# switchport access vlan
Create a VLAN interface. Run:
Apply IP address to the VLAN interface on Router 1. Run:
10)# ip address
Apply IP address to the VLAN interface on Router 2. Run:
10)# ip address
Enable the interface. Run:
10)# no shutdown
Enable BGP. Run:
switch(config)# protocol bgp
Configure an AS number that identifies the BGP router. Run:
switch(config)# router bgp
To run iBGP, the AS number of all remote neighbors should be identical to the local AS number of the configured router.
Configure BGP Router 1 neighbor. Run:
switch(config router bgp
Configure BGP Router 2 neighbor. Run:
switch(config router bgp
Check the general status of BGP. Run:
switch(config)# show ip bgp summary
BGP router identifier 10.1, local AS number 100
BGP table version is 100, main routing table version
0 network entries using 0 bytes of memory
0 path entries using 0 bytes of memory
0 BGP AS-PATH entries using 0 bytes of memory
0 BGP community entries using 0 bytes of memory
0 BGP extended community entries using 0 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
switch(config)# BGP summary information
default, address family IPv4
• Verify that each BGP neighbor has reached the ESTABLISHED state.
• If a neighbor is disabled (shutdown), its state will be IDLE.
• The BGP incoming and outgoing message counters should be incrementing.
• The AS number of each neighbor should be the correct one.
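The four checks above can be automated over two captures of the summary table taken some minutes apart. The following is an added example, not part of the original documentation or the vendor's tooling: the row layout under the column header, the "STATE/prefix-count" form of the last column, the sample addresses and the function names are all assumptions made for illustration.

```python
HEADER = "Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd".split()

# Constructed snapshots taken a few minutes apart (documentation addresses,
# row layout assumed); not captured from a real switch.
BEFORE = """\
Neighbor    V  AS     MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down     State/PfxRcd
192.0.2.2   4  100    12       12       5       0    0     0:00:10:02  ESTABLISHED/3
192.0.2.6   4  65020  40       41       5       0    0     0:00:30:15  ESTABLISHED/7
192.0.2.10  4  100    0        0        0       0    0     never       IDLE
"""
AFTER = """\
Neighbor    V  AS     MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down     State/PfxRcd
192.0.2.2   4  100    17       17       5       0    0     0:00:15:02  ESTABLISHED/3
192.0.2.6   4  65020  40       46       5       0    0     0:00:35:15  ESTABLISHED/7
192.0.2.10  4  100    0        0        0       0    0     never       IDLE
"""

def parse_summary(text):
    """Return {neighbor: row} for rows under the neighbor table header."""
    lines = [line.split() for line in text.splitlines() if line.strip()]
    if HEADER not in lines:
        raise ValueError("neighbor table header not found")
    rows = {}
    for cols in lines[lines.index(HEADER) + 1:]:
        if len(cols) == len(HEADER):          # skips separators and wrapped lines
            row = dict(zip(HEADER, cols))
            row["State"] = row["State/PfxRcd"].split("/")[0].upper()
            rows[row["Neighbor"]] = row
    return rows

def audit(before, after, expected_as):
    """Apply the four checks; expected_as maps neighbor -> intended AS."""
    old, new, findings = parse_summary(before), parse_summary(after), []
    for peer in sorted(set(new) - set(expected_as)):
        findings.append((peer, "neighbor not in expected list"))
    for peer, want in expected_as.items():
        row = new.get(peer)
        if row is None:
            findings.append((peer, "missing from summary"))
            continue
        if int(row["AS"]) != want:
            findings.append((peer, f"AS {row['AS']}, expected {want}"))
        if row["State"] != "ESTABLISHED":
            findings.append((peer, f"state {row['State']}"))
        elif peer in old:
            for col in ("MsgRcvd", "MsgSent"):
                if int(row[col]) <= int(old[peer][col]):
                    findings.append((peer, f"{col} not incrementing"))
    return findings
```

A neighbor that appears in the table but not in the expected list is reported as well, since a peering nobody intended is worth the same attention as one that is down.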
Check the status of the neighbors. Run:
switch(config)# show ip bgp neighbors
BGP neighbor is 10.2, remote AS 100, external link
BGP version 0, remote router ID 0.0
BGP State = ESTABLISHED
Last read 00, last write 00, hold time is 180, keepalive interval is 60 seconds
Configured hold time is 180, keepalive interval is 60 seconds
Minimum holdtime from neighbor is
You should be able to see running BGP counters and ESTABLISHED state per active neighbor.
Ethernet Virtual Private Network (EVPN) technology provides L2 and L3 VPN services by advertising Ethernet MAC addresses and IP routes over a BGP address family. This technology supports multiple forwarding planes including VXLAN.
BGP Layer2-EVPN address family distributes EVPN “routes” between EVPN enabled nodes where some of them are Virtual Tunnel Endpoints (VTEPs) with VXLAN functionality and some of them are transit nodes that perform BGP reflection functionality.
The following route types are defined by RFC 7432:
MAC/IP advertisement route (route type 2) – advertises MAC and IP addresses of end-systems and their mapping to broadcast domains (VXLAN VNIs and EVPN EVIs). It is used for unicast forwarding, ARP suppression, and advertising default gateway in the EVPN network.
Inclusive multicast Ethernet tag route (route type 3) – advertises EVPN bridge domain (EVI) and originating router IP address. The EVPN network uses those addresses to instantiate forwarding plane for BUM (Broadcast, unknown Unicast, unknown Multicast) traffic.
IP prefix route (type 5) – advertises IP prefix, IP gateway, IP address, and HW encapsulation (VNI in the case of VXLAN). This route is used to establish IP prefix LPM routing in the EVPN nodes.
Other route types (type 1 and 4) are used in multi-homing environments only.
RFC 7432 defines BGP attributes that should be used together with Layer-2 EVPN address family routes:
PMSI tunnel attributes – used for inclusive multicast Ethernet tag route to define multicast type (head end replication) and data path (VNI)
MAC mobility extended community – used in MAC/IP routes to inform neighbors about MAC roaming events
Default gateway – used by MAC/IP route to establish default gateway routes
Route targets – used by all routes to import and export BGP Layer-2 VPN routes to and from the forwarding plane
The BGP unnumbered feature enables a user to establish a BGP session through a P2P Layer-3 link (port or port-channel) without specifying the IP address of the remote neighbor or the neighbor's ASN.
This Layer-3 link is capable of running IPv6, so the system will use IPv6 link-local addresses that are automatically generated by each IPv6 interface of the local and remote peer. These addresses will be used to establish the BGP TCP session. The ASN is ignored during the BGP session establishment.
Once the IPv6 BGP session is established, the system is able to exchange IPv4 NLRIs (prefixes) over the IPv6 BGP session using the IPv6 link-local neighbor address as a next hop. The system associates the IPv6 link-local address with that neighbor so that the neighbor will be used as a next hop for the routes.
This feature is useful when provisioning a big data center fabric:
It does not require allocation of an IP subnet on each pair of connected switches
It simplifies the massive configuration and automation
Remote link-local neighbor address should be available in the local neighbor cache. This address can be populated in any way (ping, static configuration, etc.). It is recommended to use the IPv6 Router Advertisement capability of the router so that the address is populated and refreshed periodically.
Only one neighbor should be available. If more than one exists, one of them is randomly selected.
An ARP entry for 169.254.101.101 is automatically created on each interface on which BGP Unnumbered is configured.
switch(config) # show ip arp
VRF Name default:
Total number of entries: 3
------------------------------------------------------------------------------------
Address Type Hardware Address Interface
------------------------------------------------------------------------------------
. . .
17. . .
BGP unnumbered uses 169.254.101.101 as the unnumbered next hop. While using BGP unnumbered, do not use this address anywhere in your topology as any of the following:
The interface's IPv4 addresses
The prefix or nexthop of static routes
The ARP neighbor address
iBGP is not supported for BGP unnumbered.
For a basic BGP unnumbered configuration, do the following:
Enable IP routing and IPv6 routing
ip routing vrf default
ipv6 routing vrf
Configure a vrf loopback interface
defaultip address alias loopback1
Enable IP and IPv6 forwarding on interface
2no switchport force
2ipv6 enable no
2ipv6 nd ra suppress
protocol bgp router bgp
Enable BGP unnumbered interfaces
Verify that the session is established.
switch(config) # show ip bgp neighbors 2
BGP neighbor: ethernet 8508), remote AS: 100, link: external:
BGP version : 4
Configured hold time in seconds : 180
keepalive interval in seconds (configured) : 60
keepalive interval in seconds (established with peer): 60
Minimum holdtime from neighbor in seconds : 180
Peer group :
Neighbor configuration:
------------------------------------------------------------------------
Configuration              IPV4 Unicast   IPV6 Unicast   L2VPN EVPN
------------------------------------------------------------------------
Configured AFI SAFI        Enabled        Disabled       Disabled
Send Community             Disabled       Disabled       Disabled
Send Extended Community    Disabled       Disabled       Disabled
Route Reflection           Disabled       Disabled       Disabled
Next Hop Unchanged         Disabled       Disabled       Disabled
Extended next hop IPv4     Disabled       Enabled        Disabled
Neighbor capabilities:
Route Refresh : advertise and received
Enhanced Route Refresh : advertise and received
Soft Reconfiguration : Disabled
Graceful Restart Capability: advertise and received
Address family IPv4 Unicast: advertise and received
Address family IPv6 Unicast: n/a
Address family L2VPN EVPN : n/a
Extended next hop IPv4 : advertise and received
Message statistics:
InQ depth : 0
......
Connection Information:
Connections established : 0
Last Reset : 36
Last Drop Reason : 0)
Maximum hops to external BGP neighbor: 1
Connection State : ESTABLISHED
Local host : fe80::268a:7ff:fe7b:8408
Local port : 43870
Foreign host : ethernet 8508)
Remote port :