Page is loading ...
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR
Release 6.3.x
First Published: 2017-09-01
Last Modified: 2018-03-01
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright ©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1721R)
©2017–2018 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface ix
PREFACE
Changes to This Document ix
Communications, Services, and Additional Information ix
New and Changed BGP Features 1
CHAPTER 1
New and Changed BGP Features 1
Implementing BGP 3
CHAPTER 2
Information about Implementing BGP 3
BGP Router Identifier 3
BGP Default Limits 4
BGP Attributes and Operators 5
BGP Best Path Algorithm 15
Comparing Pairs of Paths 15
Order of Comparisons 17
Best Path Change Suppression 18
BGP Update Generation and Update Groups 18
BGP Update Group 19
BGP Cost Community Reference 19
BGP Next Hop Reference 19
BGP Nonstop Routing Reference 22
BGP Route Reflectors Reference 23
iBGP Multipath Load Sharing Reference 24
L3VPN iBGP PE-CE Reference 24
MPLS VPN Carrier Supporting Carrier 25
Per VRF and Per CE Label for IPv6 Provider Edge 26
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
iii
IPv6 Unicast Routing 26
Remove and Replace Private AS Numbers from AS Path in BGP 26
BGP Update Message Error Handling 27
BGP Error Handling and Attribute Filtering Syslog Messages 27
BGP-RIB Feedback Mechanism for Update Generation 28
Use-defined Martian Check 28
BGP Functional Overview 29
Enable BGP Routing 29
Adjust BGP Timers 34
Change BGP Default Local Preference Value 35
Configure MED Metric for BGP 36
Configure BGP Weights 37
Tune BGP Best-Path Calculation 38
Set BGP Administrative Distance 40
Indicate BGP Back-door Routes 42
Configure Aggregate Addresses 44
Understanding BGP MD5 Authentication 45
Configuring BGP MD5 Authentication 46
Hiding the Local AS Number for BGP Networks 46
Configuring BGP to Hide the Local AS Number 47
Autonomous System Number Formats in BGP 48
2-byte Autonomous System Number Format 48
4-byte Autonomous System Number Format 48
as-format Command 48
BGP Multi-Instance and Multi-AS 48
BGP Routing Domain Confederation 50
Configure Routing Domain Confederation for BGP 50
BGP Additional Paths 53
Configure BGP Additional Paths 54
BGP Maximum Prefix 56
Configure Discard Extra Paths 56
BGP Best-External Path 59
Configure Best-External Path Advertisement 59
BGP Local Label Retention 61
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
iv
Contents
Retain Allocated Local Label for Primary Path 61
iBGP Multipath Load Sharing 62
Configure iBGP Multipath Load Sharing 62
Route Dampening 64
Configuring BGP Route Dampening 64
Routing Policy Enforcement 66
Apply Policy When Updating Routing Table 66
Configure BGP Neighbor Group and Neighbors 68
Disable BGP Neighbor 72
Resetting Neighbors Using BGP Inbound Soft Reset 73
Resetting Neighbors Using BGP Outbound Soft Reset 73
Reset Neighbors Using BGP Hard Reset 74
Configure Software to Store Updates from Neighbor 75
Log Neighbor Changes 77
BGP Route Reflectors 77
Configure Route Reflector for BGP 77
Configure BGP Route Filtering by Route Policy 79
Configure BGP Attribute Filtering 81
BGP Next Hop Tracking 82
Configure BGP Next-Hop Trigger Delay 82
Disable Next-Hop Processing on BGP Updates 83
BGP Cost Community 85
Configure BGP Cost Community 85
Configure BGP Community and Extended-Community Advertisements 88
Redistribute iBGP Routes into IGP 90
Redistribute IGPs to BGP 91
Update Groups 93
Monitor BGP Update Groups 93
L3VPN iBGP PE-CE 94
Restrictions for L3VPN iBGP PE-CE 94
Configuring L3VPN iBGP PE-CE 95
Flow-tag propagation 97
Restrictions for Flow-Tag Propagation 98
Source and destination-based flow tag 98
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
v
Contents
BGP Keychains 99
Configure Keychains for BGP 100
Master Key Tuple Configuration 101
BGP Nonstop Routing 104
Configure BGP Nonstop Routing 104
Disable BGP Nonstop Routing 105
Re-enable BGP Nonstop Routing 106
Resilient Hashing and Flow Auto-Recovery 107
Configure Persistent Loadbalancing 108
Accumulated Interior Gateway Protocol Attribute 110
Originate Prefixes with AiGP 110
Configure BGP Accept Own 112
BGP Link-State 116
Configure BGP Link-state 116
Configure Domain Distinguisher 117
BGP Permanent Network 119
Configure BGP Permanent Network 119
Advertise Permanent Network 121
Enable BGP Unequal Cost Recursive Load Balancing 123
DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing 127
DMZ Link Bandwidth Over EBGP Peer 131
BGP Prefix Origin Validation using RPKI 134
Configure RPKI Cache-server 134
Configure RPKI Prefix Validation 137
Configure BGP Prefix Validation 139
Configure RPKI Bestpath Computation 140
Resilient Per-CE Label Allocation Mode 141
Configure Resilient Per-CE Label Allocation Mode Under VRF Address Family 142
Configure Resilient Per-CE Label Allocation Mode Using Route-Policy 144
BGP VRF Dynamic Route Leaking 145
Configure VRF Dynamic Route Leaking 146
Configuring a VPN Routing and Forwarding Instance in BGP 148
Define Virtual Routing and Forwarding Tables in Provider Edge Routers 148
Configure Route Distinguisher 150
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
vi
Contents
Configure PE-PE or PE-RR Interior BGP Sessions 152
Configure BGP as PE-CE Protocol 155
Resetting an eBGP Session Immediately Upon Link Failure 159
BGP Labeled Unicast Multiple Label Stack Overview 159
Configuration 160
Selective FIB Download 164
Configuring Selective FIB Download 166
Configuring BGP Large Communities 168
Configuring BGP Large Communities 173
BGP Dynamic Neighbors 179
CHAPTER 3
Configuring BGP Dynamic Neighbors using Address Range 179
Configuring BGP Dynamic Neighbors Using Address Range With Authentication 180
Maximum-peers and Idle-watch timeout 181
EVPN Virtual Private Wire Service (VPWS) 183
CHAPTER 4
Information About EVPN-VPWS Single Homed 183
Configuring L2VPN EVPN Address Family Under BGP 184
Configuring EVPN-VPWS 185
Configuring EVPN-VPWS: Example 187
BGP-based VPWS Autodiscovery 189
CHAPTER 5
Configuring VPWS with BGP Autodiscovery and Signaling 189
VPWS with BGP Autodiscovery and BGP Signaling 192
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
vii
Contents
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
viii
Contents
Preface
This product has reached end-of-life status. For more information, see the End-of-Life and End-of-Sale Notices.
Note
The Routing Configuration Guide for Cisco NCS 5500 Series Routers preface contains these sections:
•Changes to This Document, on page ix
•Communications, Services, and Additional Information, on page ix
Changes to This Document
This table lists the technical changes made to this document since it was first released.
Table 1: Changes to This Document
SummaryDate
Initial release of this document.September 2017
Republished for Release 6.3.2.March 2018
Communications, Services, and Additional Information
• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
• To submit a service request, visit Cisco Support.
• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit
Cisco Marketplace.
• To obtain general networking, training, and certification titles, visit Cisco Press.
• To find warranty information for a specific product or product family, access Cisco Warranty Finder.
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
ix
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system
that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides
you with detailed defect information about your products and software.
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
x
Preface
Preface
CHAPTER 1
New and Changed BGP Features
This table summarizes the new and changed feature information for the Routing Configuration Guide for
Cisco NCS 5500 Series Routers, and tells you where they are documented.
•New and Changed BGP Features, on page 1
New and Changed BGP Features
This table summarizes the new and changed feature information for the Routing Configuration Guide for
Cisco NCS 5500 Series Routers, and tells you where they are documented.
Table 2: BGP Features Added or Modified in IOS XR Release 6.3.x
Where DocumentedChanged in ReleaseDescriptionFeature
See Understanding BGP
MD5 Authentication, on
page 45 and Configuring
BGP MD5
Authentication, on page
46 in the BGP Functional
Overview chapter
Release 6.3.1This feature was
introduced.
BGP MD5 Authentication
See Hiding the Local AS
Number for BGP
Networks, on page 46
section in the BGP
Functional Overview
chapter
Release 6.3.1This feature was
introduced.
Hiding the Local AS
Number for BGP Networks
See BGP Dynamic
Neighbors chapter.
Release 6.3.2This feature was
introduced.
BGP Dynamic Neighbor
Authentication
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
1
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
2
New and Changed BGP Features
New and Changed BGP Features
CHAPTER 2
Implementing BGP
Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free
interdomain routing between autonomous systems. An autonomous system is a set of routers under a single
technical administration. Routers in an autonomous system can use multiple Interior Gateway Protocols (IGPs)
to exchange routing information inside the autonomous system and an EGP to route packets outside the
autonomous system.
This module provides conceptual and configuration information on BGP.
ModificationRelease
This feature was introduced.Release
6.0
•Information about Implementing BGP, on page 3
•BGP Functional Overview, on page 29
•Configuring BGP Large Communities, on page 173
Information about Implementing BGP
To implement BGP, you need to understand the following concepts:
BGP Router Identifier
For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is
sent to BGP peers in the OPEN message when a BGP session is established.
BGP attempts to obtain a router ID in the following ways (in order of preference):
• By means of the address configured using the bgp router-id command in router configuration mode.
• By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved
loopback address configuration.
• By using the primary IPv4 address of the first loopback address that gets configured if there are not any
in the saved configuration.
If none of these methods for obtaining a router ID succeeds, BGP does not have a router ID and cannot establish
any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log,
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
3
and the show bgp summary command displays a router ID of 0.0.0.0. After BGP has obtained a router ID,
it continues to use it even if a better router ID becomes available. This usage avoids unnecessary flapping for
all BGP sessions. However, if the router ID currently in use becomes invalid (because the interface goes down
or its configuration is changed), BGP selects a new router ID (using the rules described) and all established
peering sessions are reset.
We strongly recommend that the bgp router-id command is configured to prevent unnecessary changes to
the router ID (and consequent flapping of BGP sessions).
Note
BGP Default Limits
BGP imposes maximum limits on the number of neighbors that can be configured on the router and on the
maximum number of prefixes that are accepted from a peer for a given address family. This limitation safeguards
the router from resource depletion caused by misconfiguration, either locally or on the remote neighbor. The
following limits apply to BGP configurations:
• The default maximum number of peers that can be configured is 4000. The default can be changed using
the bgp maximum neighbor command. The limit range is 1 to 15000. Any attempt to configure
additional peers beyond the maximum limit or set the maximum limit to a number that is less than the
number of peers currently configured will fail.
• To prevent a peer from flooding BGP with advertisements, a limit is placed on the number of prefixes
that are accepted from a peer for each supported address family. The default limits can be overridden
through configuration of the maximum-prefix limit command for the peer for the appropriate address
family. The following default limits are used if the user does not configure the maximum number of
prefixes for the address family:
• 512K (524,288) prefixes for IPv4 unicast
• 128K (131,072) prefixes for IPv6 unicast
• 512K (524,288) prefixes for VPNv4 unicast
A cease notification message is sent to the neighbor and the peering with the neighbor is terminated when
the number of prefixes received from the peer for a given address family exceeds the maximum limit
(either set by default or configured by the user) for that address family.
It is possible that the maximum number of prefixes for a neighbor for a given address family has been
configured after the peering with the neighbor has been established and a certain number of prefixes
have already been received from the neighbor for that address family. A cease notification message is
sent to the neighbor and peering with the neighbor is terminated immediately after the configuration if
the configured maximum number of prefixes is fewer than the number of prefixes that have already been
received from the neighbor for the address family.
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
4
Implementing BGP
BGP Default Limits
BGP Attributes and Operators
This table summarizes the BGP attributes and operators per attach points.
Table 3: BGP Attributes and Operators
SetMatchAttributeAttach Point
—in
is-local
length
neighbor-is
originates-from
passes-through
unique-length
as-pathaggregation
—is, ge, le, eqas-path-length
—is, ge, le, eqas-path-unique-length
set
set additive
delete in
delete not in
delete all
is-empty
matches-any
matches-every
community
—indestination
set
set additive
—extcommunity cost
setis, ge, le, eqlocal-preference
setset +set -is, eg, ge, lemed
setinnext-hop
setisorigin
—insource
suppress-route—suppress-route
set—weight
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
5
Implementing BGP
BGP Attributes and Operators
SetMatchAttributeAttach Point
—
in
is-local
length
neighbor-is
originates-from
passes-through
unique-length
as-pathallocate-label
—is, ge, le, eqas-path-length
—is, ge, le, eqas-path-unique-length
—is-empty
matches-any
matches-every
community
—indestination
set—label
—is, ge, le, eqlocal-preference
—is, eg, ge, lemed
—innext-hop
—isorigin
—insource
—
in
is-local
length
neighbor-is
originates-from
passes-through
unique-length
as-pathclear-policy
—is, ge, le, eqas-path-length
—is, ge, le, eqas-path-unique-length
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
6
Implementing BGP
BGP Attributes and Operators
SetMatchAttributeAttach Point
—
in
is-local
length
neighbor-is
originates-from
passes-through
unique-length
as-pathdampening
—is, ge, le, eqas-path-length
—is, ge, le, eqas-path-unique-length
—is-empty
matches-any
matches-every
community
set dampening—/dampening
—indestination
—is, ge, le, eqlocal-preference
—is, eg, ge, lemed
—innext-hop
—isorigin
—insource
—
indestinationdebug
set
set +
set -
—meddefault
originate
—inrib-has-route
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
7
Implementing BGP
BGP Attributes and Operators
SetMatchAttributeAttach Point
prepend
prepend most-recent
remove as-path private-as
replace
in
is-local
length
NA
neighbor-is
originates-from
passes-through
unique-length
as-pathneighbor-in
—is, ge, le, eqas-path-length
—is, ge, le, eqas-path-unique-length
set
set additive
delete-in
delete-not-in
delete-all
is-empty
matches-any
matches-every
communitycommunity with ‘peeras’
—indestination
set
set additive
—extcommunity cost
set
additive
delete-in
delete-not-in
delete-all
is-empty
matches-any
matches-every
matches-within
extcommunity rt
—is-empty
matches-any
matches-every
matches-within
extcommunity soo
setis, ge, le, eqlocal-preference
set
set +
set -
is, eg, ge, lemed
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
8
Implementing BGP
BGP Attributes and Operators
SetMatchAttributeAttach Point
next-hop set
set peer address
in
setisorigin
NAroute-aggregatedroute-aggregated
—insource
set—weight
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
9
Implementing BGP
BGP Attributes and Operators
SetMatchAttributeAttach Point
prepend
prepend most-recent
remove as-path private-as
replace
in
is-local
length
—
neighbor-is
originates-from
passes-through
unique-length
as-pathneighbor-out
—is, ge, le, eqas-path-length
—is, ge, le, eqas-path-unique-length
set
set additive
delete-in
delete-not-in
delete-all
is-empty
matches-any
matches-every
communitycommunity with ‘peeras’
—indestination
set
set additive
—extcommunity cost
set
additive
delete-in
delete-not-in
delete-all
is-empty
matches-any
matches-every
matches-within
extcommunity rt
—is-empty
matches-any
matches-every
matches-within
extcommunity soo
setis, ge, le, eqlocal-preference
is, eg, ge, lemed
BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 6.3.x
10
Implementing BGP
BGP Attributes and Operators
/