Cisco IOS XR Software Release 6.3 Configuration Guide

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR

Release 6.3.x

First Published: 2017-09-01

Last Modified: 2018-03-01

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,

INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,

EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH

THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,

CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.

CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT

LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS

HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network

topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional

and coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:

https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a

partnership relationship between Cisco and any other company. (1721R)

CONTENTS

Preface ix

PREFACE

Changes to This Document ix

Communications, Services, and Additional Information ix

New and Changed BGP Features 1

CHAPTER 1

New and Changed BGP Features 1

Implementing BGP 3

CHAPTER 2

Information about Implementing BGP 3

BGP Router Identifier 3

BGP Default Limits 4

BGP Attributes and Operators 5

BGP Best Path Algorithm 15

Comparing Pairs of Paths 15

Order of Comparisons 17

Best Path Change Suppression 18

BGP Update Generation and Update Groups 18

BGP Update Group 19

BGP Cost Community Reference 19

BGP Next Hop Reference 19

BGP Nonstop Routing Reference 22

BGP Route Reflectors Reference 23

iBGP Multipath Load Sharing Reference 24

L3VPN iBGP PE-CE Reference 24

MPLS VPN Carrier Supporting Carrier 25

Per VRF and Per CE Label for IPv6 Provider Edge 26

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

iii

IPv6 Unicast Routing 26

Remove and Replace Private AS Numbers from AS Path in BGP 26

BGP Update Message Error Handling 27

BGP Error Handling and Attribute Filtering Syslog Messages 27

BGP-RIB Feedback Mechanism for Update Generation 28

Use-defined Martian Check 28

BGP Functional Overview 29

Enable BGP Routing 29

Adjust BGP Timers 34

Change BGP Default Local Preference Value 35

Configure MED Metric for BGP 36

Configure BGP Weights 37

Tune BGP Best-Path Calculation 38

Set BGP Administrative Distance 40

Indicate BGP Back-door Routes 42

Configure Aggregate Addresses 44

Understanding BGP MD5 Authentication 45

Configuring BGP MD5 Authentication 46

Hiding the Local AS Number for BGP Networks 46

Configuring BGP to Hide the Local AS Number 47

Autonomous System Number Formats in BGP 48

2-byte Autonomous System Number Format 48

4-byte Autonomous System Number Format 48

as-format Command 48

BGP Multi-Instance and Multi-AS 48

BGP Routing Domain Confederation 50

Configure Routing Domain Confederation for BGP 50

BGP Additional Paths 53

Configure BGP Additional Paths 54

BGP Maximum Prefix 56

Configure Discard Extra Paths 56

BGP Best-External Path 59

Configure Best-External Path Advertisement 59

BGP Local Label Retention 61

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

iv

Contents

Retain Allocated Local Label for Primary Path 61

iBGP Multipath Load Sharing 62

Configure iBGP Multipath Load Sharing 62

Route Dampening 64

Configuring BGP Route Dampening 64

Routing Policy Enforcement 66

Apply Policy When Updating Routing Table 66

Configure BGP Neighbor Group and Neighbors 68

Disable BGP Neighbor 72

Resetting Neighbors Using BGP Inbound Soft Reset 73

Resetting Neighbors Using BGP Outbound Soft Reset 73

Reset Neighbors Using BGP Hard Reset 74

Configure Software to Store Updates from Neighbor 75

Log Neighbor Changes 77

BGP Route Reflectors 77

Configure Route Reflector for BGP 77

Configure BGP Route Filtering by Route Policy 79

Configure BGP Attribute Filtering 81

BGP Next Hop Tracking 82

Configure BGP Next-Hop Trigger Delay 82

Disable Next-Hop Processing on BGP Updates 83

BGP Cost Community 85

Configure BGP Cost Community 85

Configure BGP Community and Extended-Community Advertisements 88

Redistribute iBGP Routes into IGP 90

Redistribute IGPs to BGP 91

Update Groups 93

Monitor BGP Update Groups 93

L3VPN iBGP PE-CE 94

Restrictions for L3VPN iBGP PE-CE 94

Configuring L3VPN iBGP PE-CE 95

Flow-tag propagation 97

Restrictions for Flow-Tag Propagation 98

Source and destination-based flow tag 98

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

v

Contents

BGP Keychains 99

Configure Keychains for BGP 100

Master Key Tuple Configuration 101

BGP Nonstop Routing 104

Configure BGP Nonstop Routing 104

Disable BGP Nonstop Routing 105

Re-enable BGP Nonstop Routing 106

Resilient Hashing and Flow Auto-Recovery 107

Configure Persistent Loadbalancing 108

Accumulated Interior Gateway Protocol Attribute 110

Originate Prefixes with AiGP 110

Configure BGP Accept Own 112

BGP Link-State 116

Configure BGP Link-state 116

Configure Domain Distinguisher 117

BGP Permanent Network 119

Configure BGP Permanent Network 119

Advertise Permanent Network 121

Enable BGP Unequal Cost Recursive Load Balancing 123

DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing 127

DMZ Link Bandwidth Over EBGP Peer 131

BGP Prefix Origin Validation using RPKI 134

Configure RPKI Cache-server 134

Configure RPKI Prefix Validation 137

Configure BGP Prefix Validation 139

Configure RPKI Bestpath Computation 140

Resilient Per-CE Label Allocation Mode 141

Configure Resilient Per-CE Label Allocation Mode Under VRF Address Family 142

Configure Resilient Per-CE Label Allocation Mode Using Route-Policy 144

BGP VRF Dynamic Route Leaking 145

Configure VRF Dynamic Route Leaking 146

Configuring a VPN Routing and Forwarding Instance in BGP 148

Define Virtual Routing and Forwarding Tables in Provider Edge Routers 148

Configure Route Distinguisher 150

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

vi

Contents

Configure PE-PE or PE-RR Interior BGP Sessions 152

Configure BGP as PE-CE Protocol 155

Resetting an eBGP Session Immediately Upon Link Failure 159

BGP Labeled Unicast Multiple Label Stack Overview 159

Configuration 160

Selective FIB Download 164

Configuring Selective FIB Download 166

Configuring BGP Large Communities 168

Configuring BGP Large Communities 173

BGP Dynamic Neighbors 179

CHAPTER 3

Configuring BGP Dynamic Neighbors using Address Range 179

Configuring BGP Dynamic Neighbors Using Address Range With Authentication 180

Maximum-peers and Idle-watch timeout 181

EVPN Virtual Private Wire Service (VPWS) 183

CHAPTER 4

Information About EVPN-VPWS Single Homed 183

Configuring L2VPN EVPN Address Family Under BGP 184

Configuring EVPN-VPWS 185

Configuring EVPN-VPWS: Example 187

BGP-based VPWS Autodiscovery 189

CHAPTER 5

Configuring VPWS with BGP Autodiscovery and Signaling 189

VPWS with BGP Autodiscovery and BGP Signaling 192

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

vii

Contents

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

viii

Contents

Preface

This product has reached end-of-life status. For more information, see the End-of-Life and End-of-Sale Notices.

Note

The Routing Configuration Guide for Cisco NCS 5500 Series Routers preface contains these sections:

•Changes to This Document, on page ix

•Communications, Services, and Additional Information, on page ix

Changes to This Document

This table lists the technical changes made to this document since it was first released.

Table 1: Changes to This Document

SummaryDate

Initial release of this document.September 2017

Republished for Release 6.3.2.March 2018

Communications, Services, and Additional Information

• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

• To submit a service request, visit Cisco Support.

• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit

Cisco Marketplace.

• To obtain general networking, training, and certification titles, visit Cisco Press.

• To find warranty information for a specific product or product family, access Cisco Warranty Finder.

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

ix

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system

that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides

you with detailed defect information about your products and software.

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

x

Preface

CHAPTER 1

New and Changed BGP Features

This table summarizes the new and changed feature information for the Routing Configuration Guide for

Cisco NCS 5500 Series Routers, and tells you where they are documented.

•New and Changed BGP Features, on page 1

New and Changed BGP Features

This table summarizes the new and changed feature information for the Routing Configuration Guide for

Cisco NCS 5500 Series Routers, and tells you where they are documented.

Table 2: BGP Features Added or Modified in IOS XR Release 6.3.x

Where DocumentedChanged in ReleaseDescriptionFeature

See Understanding BGP

MD5 Authentication, on

page 45 and Configuring

BGP MD5

Authentication, on page

46 in the BGP Functional

Overview chapter

Release 6.3.1This feature was

introduced.

BGP MD5 Authentication

See Hiding the Local AS

Number for BGP

Networks, on page 46

section in the BGP

Functional Overview

chapter

Release 6.3.1This feature was

introduced.

Hiding the Local AS

Number for BGP Networks

See BGP Dynamic

Neighbors chapter.

Release 6.3.2This feature was

introduced.

BGP Dynamic Neighbor

Authentication

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

1

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

2

New and Changed BGP Features

CHAPTER 2

Implementing BGP

Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free

interdomain routing between autonomous systems. An autonomous system is a set of routers under a single

technical administration. Routers in an autonomous system can use multiple Interior Gateway Protocols (IGPs)

to exchange routing information inside the autonomous system and an EGP to route packets outside the

autonomous system.

This module provides conceptual and configuration information on BGP.

ModificationRelease

This feature was introduced.Release

6.0

•Information about Implementing BGP, on page 3

•BGP Functional Overview, on page 29

•Configuring BGP Large Communities, on page 173

Information about Implementing BGP

To implement BGP, you need to understand the following concepts:

BGP Router Identifier

For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is

sent to BGP peers in the OPEN message when a BGP session is established.

BGP attempts to obtain a router ID in the following ways (in order of preference):

• By means of the address configured using the bgp router-id command in router configuration mode.

• By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved

loopback address configuration.

• By using the primary IPv4 address of the first loopback address that gets configured if there are not any

in the saved configuration.

If none of these methods for obtaining a router ID succeeds, BGP does not have a router ID and cannot establish

any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log,

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

3

and the show bgp summary command displays a router ID of 0.0.0.0. After BGP has obtained a router ID,

it continues to use it even if a better router ID becomes available. This usage avoids unnecessary flapping for

all BGP sessions. However, if the router ID currently in use becomes invalid (because the interface goes down

or its configuration is changed), BGP selects a new router ID (using the rules described) and all established

peering sessions are reset.

We strongly recommend that the bgp router-id command is configured to prevent unnecessary changes to

the router ID (and consequent flapping of BGP sessions).

Note

BGP Default Limits

BGP imposes maximum limits on the number of neighbors that can be configured on the router and on the

maximum number of prefixes that are accepted from a peer for a given address family. This limitation safeguards

the router from resource depletion caused by misconfiguration, either locally or on the remote neighbor. The

following limits apply to BGP configurations:

• The default maximum number of peers that can be configured is 4000. The default can be changed using

the bgp maximum neighbor command. The limit range is 1 to 15000. Any attempt to configure

additional peers beyond the maximum limit or set the maximum limit to a number that is less than the

number of peers currently configured will fail.

• To prevent a peer from flooding BGP with advertisements, a limit is placed on the number of prefixes

that are accepted from a peer for each supported address family. The default limits can be overridden

through configuration of the maximum-prefix limit command for the peer for the appropriate address

family. The following default limits are used if the user does not configure the maximum number of

prefixes for the address family:

• 512K (524,288) prefixes for IPv4 unicast

• 128K (131,072) prefixes for IPv6 unicast

• 512K (524,288) prefixes for VPNv4 unicast

A cease notification message is sent to the neighbor and the peering with the neighbor is terminated when

the number of prefixes received from the peer for a given address family exceeds the maximum limit

(either set by default or configured by the user) for that address family.

It is possible that the maximum number of prefixes for a neighbor for a given address family has been

configured after the peering with the neighbor has been established and a certain number of prefixes

have already been received from the neighbor for that address family. A cease notification message is

sent to the neighbor and peering with the neighbor is terminated immediately after the configuration if

the configured maximum number of prefixes is fewer than the number of prefixes that have already been

received from the neighbor for the address family.

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

4

Implementing BGP

BGP Default Limits

BGP Attributes and Operators

This table summarizes the BGP attributes and operators per attach points.

Table 3: BGP Attributes and Operators

SetMatchAttributeAttach Point

—in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-pathaggregation

—is, ge, le, eqas-path-length

—is, ge, le, eqas-path-unique-length

set

set additive

delete in

delete not in

delete all

is-empty

matches-any

matches-every

community

—indestination

set

set additive

—extcommunity cost

setis, ge, le, eqlocal-preference

setset +set -is, eg, ge, lemed

setinnext-hop

setisorigin

—insource

suppress-route—suppress-route

set—weight

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

5

Implementing BGP

BGP Attributes and Operators

SetMatchAttributeAttach Point

—

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-pathallocate-label

—is, ge, le, eqas-path-length

—is, ge, le, eqas-path-unique-length

—is-empty

matches-any

matches-every

community

—indestination

set—label

—is, ge, le, eqlocal-preference

—is, eg, ge, lemed

—innext-hop

—isorigin

—insource

—

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-pathclear-policy

—is, ge, le, eqas-path-length

—is, ge, le, eqas-path-unique-length

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

6

Implementing BGP

BGP Attributes and Operators

SetMatchAttributeAttach Point

—

in

is-local

length

neighbor-is

originates-from

passes-through

unique-length

as-pathdampening

—is, ge, le, eqas-path-length

—is, ge, le, eqas-path-unique-length

—is-empty

matches-any

matches-every

community

set dampening—/dampening

—indestination

—is, ge, le, eqlocal-preference

—is, eg, ge, lemed

—innext-hop

—isorigin

—insource

—

indestinationdebug

set

set +

set -

—meddefault

originate

—inrib-has-route

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

7

Implementing BGP

BGP Attributes and Operators

SetMatchAttributeAttach Point

prepend

prepend most-recent

remove as-path private-as

replace

in

is-local

length

NA

neighbor-is

originates-from

passes-through

unique-length

as-pathneighbor-in

—is, ge, le, eqas-path-length

—is, ge, le, eqas-path-unique-length

set

set additive

delete-in

delete-not-in

delete-all

is-empty

matches-any

matches-every

communitycommunity with ‘peeras’

—indestination

set

set additive

—extcommunity cost

set

additive

delete-in

delete-not-in

delete-all

is-empty

matches-any

matches-every

matches-within

extcommunity rt

—is-empty

matches-any

matches-every

matches-within

extcommunity soo

setis, ge, le, eqlocal-preference

set

set +

set -

is, eg, ge, lemed

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

8

Implementing BGP

BGP Attributes and Operators

SetMatchAttributeAttach Point

next-hop set

set peer address

in

setisorigin

NAroute-aggregatedroute-aggregated

—insource

set—weight

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

9

Implementing BGP

BGP Attributes and Operators

SetMatchAttributeAttach Point

prepend

prepend most-recent

remove as-path private-as

replace

in

is-local

length

—

neighbor-is

originates-from

passes-through

unique-length

as-pathneighbor-out

—is, ge, le, eqas-path-length

—is, ge, le, eqas-path-unique-length

set

set additive

delete-in

delete-not-in

delete-all

is-empty

matches-any

matches-every

communitycommunity with ‘peeras’

—indestination

set

set additive

—extcommunity cost

set

additive

delete-in

delete-not-in

delete-all

is-empty

matches-any

matches-every

matches-within

extcommunity rt

—is-empty

matches-any

matches-every

matches-within

extcommunity soo

setis, ge, le, eqlocal-preference

is, eg, ge, lemed

BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x

10

Implementing BGP

BGP Attributes and Operators

Page is loading ...

Cisco IOS XR Software Release 6.3 Configuration Guide

Cisco IOS XR Software Release 6.3 Configuration Guide

Related papers

Other documents