Dynamic BGP Peers
This chapter provides information about dynamic BGP peers.
Applicability
This chapter was initially written for SR OS Release 14.0.R7, but the CLI in the current edition corresponds to SR OS Release 20.7.R1.
Overview
SR OS supports static and dynamic BGP sessions, where the static sessions are initiated toward explicitly configured non-passive neighbors, which are identified through an IPv4 or IPv6 address.
Neighbors must be part of a BGP peer group, and all neighbors in the same group share the same characteristics unless more specific characteristics are defined at the neighbor level.
SR OS will initiate TCP sessions toward explicitly configured non-passive neighbors, and listen for incoming TCP connections on port 179 for these configured neighbors. Sessions established with explicitly configured neighbors are considered static BGP sessions.
Dynamic BGP sessions can be established without explicitly configured neighbors; see Establishing dynamic BGP sessions. The source address of a dynamic peer should match one of the configured IPv4 or IPv6 prefixes for the allowed peer Autonomous Systems (ASs). SR OS will only listen for incoming TCP connections on port 179 for these prefixes (which defines passive mode). SR OS will never initiate connections toward dynamic peers. This is consistent with RFC 4271, which allows a BGP speaker to accept connections from unconfigured BGP peers.
Dynamic BGP peering is also supported for ESM-routed subscriber hosts to improve deployment flexibility, but this is out of the scope of this chapter.
Characteristics
In SR OS, BGP groups and dynamic BGP peers have the following characteristics:
A BGP group can support static and dynamic peers simultaneously.
To support dynamic, unconfigured peers, multiple prefixes (IPv4/IPv6) in multiple allowed peer ASs can be associated with a group.
A dynamic peer will be associated with a group, based on the source IP address of an incoming TCP connection. If multiple overlapping prefixes match, the prefix with the longest prefix length is used.
A maximum number of dynamic peers can be configured per group and for the entire BGP instance. Whenever an incoming connection for a new dynamic session would cause either a group limit or the overall BGP limit to be exceeded, the connection attempt is rejected with a BGP Notification message.
Dynamic peers are supported in the base router as well as in VPRN BGP instances.
Behavior
When a dynamic session is established, the following behavior will be observed when changes are made:
If a new prefix entry is added to a group and this entry becomes the longest prefix match for the IP address, then the session remains up, without interruption, if the new entry belongs to the same group as the one previously used to set up the dynamic session.
If a new prefix entry is added to a group and this entry becomes the longest prefix match for the IP address, then the session is torn down immediately if the new entry belongs to a different group from the one previously used to set up the dynamic session. When the remote end attempts to reestablish the session, the parameters used locally are inherited from the new group.
If a neighbor command is added to any group and its IP address matches the source IP address of an established dynamic session, then the dynamic session is torn down and the new session that is established inherits its local parameters from the neighbor configuration.
Using dynamic BGP peers can reduce the configuration file size of an SR OS router considerably, and is mainly used on route reflectors.
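The matching, limit, and teardown rules listed above can be modelled in a few lines; this is an added example, not SR OS code and not part of the original chapter. The 172.16.0.0/16 prefix and AS numbers 64502 and 64504 are those of the multi-AS configuration later in this chapter; the "lab" group, the /30 prefixes, peer 172.16.15.2, the limit values, and the order of the limit and AS checks are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class DynamicPeerModel:
    """Toy model of the rules above; illustrative, not SR OS code."""
    instance_limit: int
    group_limits: dict                            # group -> max dynamic peers
    entries: list = field(default_factory=list)   # (network, group, AS ranges)
    static: dict = field(default_factory=dict)    # configured neighbor -> group
    sessions: dict = field(default_factory=dict)  # dynamic peer -> group

    def _lookup(self, ip):
        """Longest-prefix match across the prefix entries of all groups."""
        hits = [e for e in self.entries if ip.version == e[0].version and ip in e[0]]
        return max(hits, key=lambda e: e[0].prefixlen, default=None)

    def admit(self, addr, peer_as):
        """Verdict for an incoming TCP connection followed by a BGP OPEN."""
        ip = ipaddress.ip_address(addr)
        if ip in self.static:
            return ("static", self.static[ip])
        entry = self._lookup(ip)
        if entry is None:
            return ("no-listener", None)      # source outside every prefix
        _, group, as_ranges = entry
        in_group = list(self.sessions.values()).count(group)
        # Assumption: limits are checked before the AS carried in the OPEN.
        if len(self.sessions) >= self.instance_limit or in_group >= self.group_limits[group]:
            return ("limit-reached", group)
        if not any(lo <= peer_as <= hi for lo, hi in as_ranges):
            return ("bad-peer-as", group)
        self.sessions[ip] = group
        return ("accept", group)

    def _torn_down(self):
        """Drop dynamic sessions whose group or type changed; return them."""
        dropped = [ip for ip, g in self.sessions.items()
                   if ip in self.static or self._lookup(ip)[1] != g]
        for ip in dropped:
            del self.sessions[ip]
        return [str(ip) for ip in dropped]

    def add_prefix(self, group, prefix, *as_ranges):
        self.entries.append((ipaddress.ip_network(prefix), group, list(as_ranges)))
        return self._torn_down()

    def add_neighbor(self, group, addr):
        self.static[ipaddress.ip_address(addr)] = group
        return self._torn_down()

def demo():
    # Limits of 2 and 5 and the "lab" group are constructed for this example.
    m = DynamicPeerModel(instance_limit=20, group_limits={"eBGPv4": 2, "lab": 5})
    m.add_prefix("eBGPv4", "172.16.0.0/16", (64502, 64502), (64504, 64504))
    out = [m.admit("172.16.12.2", 64502),   # allowed AS
           m.admit("172.16.13.2", 64503),   # AS not in the allowed list
           m.admit("192.0.2.9", 64502),     # no matching prefix
           m.admit("172.16.14.2", 64504),   # allowed AS, second session
           m.admit("172.16.15.2", 64502)]   # constructed peer, group limit hit
    out.append(m.add_prefix("eBGPv4", "172.16.12.0/30", (64502, 64502)))  # same group
    out.append(m.add_prefix("lab", "172.16.14.0/30", (64504, 64504)))     # other group
    out.append(m.add_neighbor("eBGPv4", "172.16.12.2"))                   # now static
    return out
```

The last three results show the teardown rules: a more specific prefix in the same group drops nothing, the same in another group drops 172.16.14.2, and a matching neighbor entry drops 172.16.12.2.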
Configuration
In this section, the following two examples are shown:
Dynamic BGP peers on a route reflector in an AS
Dynamic BGP peers in multiple ASs
Dynamic BGP peers on a route reflector in an AS
The figure "Dynamic BGP peers" shows the example topology, which has the following characteristics:
All nodes are part of AS 64496.
BGP sessions are established between the routers of AS 64496, using RR-5 as route reflector with PE-1, PE-2, PE-3, and PE-4 being the route reflector clients.
The initial configuration on the nodes includes:
cards, MDAs, and ports
router interfaces
IS-IS between the routers
BGP is configured between the route reflector clients and the route reflector for the IPv4 address family. The configuration on PE-1 is as follows:
# on PE-1:
configure
    router Base
        autonomous-system 64496
        bgp
            loop-detect discard-route
            split-horizon
            group "iBGP"
                peer-as 64496
                neighbor 192.0.2.5
                exit
            exit
            no shutdown
        exit
The BGP configuration on the other route reflector clients is the same as on PE-1.
The initial route reflector RR-5 BGP configuration is as follows:
# on RR-5:
configure
    router Base
        autonomous-system 64496
        bgp
            loop-detect discard-route
            split-horizon
            dynamic-neighbor-limit 20
            group "iBGP"
                cluster 5.5.5.5
                peer-as 64496
                dynamic-peer-limit 10
                dynamic-neighbor
                    match
                        prefix 192.0.2.0/24
                            allowed-peer-as 64496
                        exit
                    exit
                exit
            exit
            no shutdown
        exit
Dynamic neighbors are shown with the "D" flag, as follows:
*A:RR-5# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1(D)
Def. Instance 64496 64 0 00h30m53s 0/0/3 (IPv4)
67 0
192.0.2.2(D)
Def. Instance 64496 66 0 00h31m11s 1/1/2 (IPv4)
67 0
192.0.2.3(D)
Def. Instance 64496 67 0 00h31m49s 1/1/2 (IPv4)
68 0
192.0.2.4(D)
Def. Instance 64496 65 0 00h30m47s 1/1/2 (IPv4)
66 0
-------------------------------------------------------------------------------
The details for neighbor PE-2 show that the session is dynamic, as follows:
*A:RR-5# show router bgp neighbor 192.0.2.2
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 192.0.2.2
Description : (Not Specified)
Group : iBGP
-------------------------------------------------------------------------------
Peer AS : 64496 Peer Port : 49704
Peer Address : 192.0.2.2
Local AS : 64496 Local Port : 179
Local Address : 192.0.2.5
Peer Type : Internal Dynamic Peer : Yes
State : Established Last State : Established
Last Event : recvOpen
Last Error : Cease (Connection Collision Resolution)
Local Family : IPv4
Remote Family : IPv4
Hold Time : 90 Keep Alive : 30
Min Hold Time : 0
Active Hold Time : 90 Active Keep Alive : 30
Cluster Id : 5.5.5.5
---snip---
-------------------------------------------------------------------------------
Neighbors shown : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.
The BGP configuration on route reflector RR-5 is modified with static BGP neighbor PE-1, as follows:
# on RR-5:
configure
    router Base
        bgp
            group "iBGP"
                cluster 5.5.5.5
                peer-as 64496
                dynamic-neighbor
                    match
                        prefix 192.0.2.0/24
                            allowed-peer-as 64496
                        exit
                    exit
                exit
                neighbor 192.0.2.1
                    keepalive 20
                    hold-time 60
                exit
            exit
            no shutdown
        exit
Therefore, the properties of BGP group iBGP are as follows:
*A:RR-5# show router bgp group "iBGP"
===============================================================================
BGP Group : iBGP
===============================================================================
Group : iBGP
Description : (Not Specified)
Group Type : No Type State : Up
Peer AS : 64496 Local AS : 64496
Local Address : n/a Loop Detect : Discard
Import Policy : None Specified - Default Accept
Export Policy : None Specified - Default Accept
Hold Time : 90 Keep Alive : 30
Min Hold Time : 0
Cluster Id : 5.5.5.5 Client Reflect : Enabled
NLRI : Unicast Preference : 170
TTL Security : Disabled Min TTL Value : n/a
Graceful Restart : Disabled Stale Routes Time: n/a
Restart Time : n/a
Auth key chain : n/a
Bfd Enabled : Disabled Disable Cap Nego : Disabled
Creation Origin : manual
Flowspec Validate: Disabled
Default Route Tgt: Disabled
Aigp Metric : Disabled
Split Horizon : Enabled
Damp Peer Oscill*: Disabled
GR Notification : Disabled Fault Tolerance : Disabled
Next-Hop Unchang*: None
Routes Resolve T*: Disabled
List of Static Peers
- 192.0.2.1 :
List of Dynamic Peers
- 192.0.2.2
- 192.0.2.3
- 192.0.2.4
Total Peers : 4 Established : 4
-------------------------------------------------------------------------------
Peer Groups : 1
===============================================================================
* indicates that the corresponding row element may have been truncated.
The BGP session toward PE-1 is static. The short session time is an indication that the BGP session toward PE-1 has been reestablished, as follows:
*A:RR-5# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1
Def. Instance 64496 95 0 00h01m33s 0/0/3 (IPv4)
16 0
192.0.2.2(D)
Def. Instance 64496 7 0 00h47m44s 1/1/2 (IPv4)
8 0
192.0.2.3(D)
Def. Instance 64496 94 0 00h45m04s 1/1/2 (IPv4)
99 0
192.0.2.4(D)
Def. Instance 64496 92 0 00h44m02s 1/1/2 (IPv4)
97 0
-------------------------------------------------------------------------------
Reestablishment of the BGP session is also indicated in log 99, as follows:
76 2020/08/19 16:41:37.265 CEST MINOR: BGP #2038 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: moved into established state"
75 2020/08/19 16:41:37.255 CEST WARNING: BGP #2011 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: remote end closed connection"
74 2020/08/19 16:41:37.255 CEST WARNING: BGP #2005 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: sending notification: code CEASE
subcode CONN_COLL_RES"
73 2020/08/19 16:41:37.234 CEST WARNING: BGP #2039 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: moved from higher state ACTIVE to lower
state IDLE due to event CONFIG_CHG"
72 2020/08/19 16:41:37.225 CEST WARNING: BGP #2011 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: remote end closed connection"
71 2020/08/19 16:41:37.225 CEST WARNING: BGP #2005 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: sending notification: code CEASE
subcode CONFIG_CHG"
70 2020/08/19 16:41:37.224 CEST WARNING: BGP #2039 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: moved from higher state CONNECT
to lower state IDLE due to event CONFIG_CHG"
69 2020/08/19 16:41:37.214 CEST WARNING: BGP #2005 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: sending notification: code CEASE
subcode CONFIG_CHG"
68 2020/08/19 16:41:37.214 CEST WARNING: BGP #2039 Base Peer 1: 192.0.2.1
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.1: moved from higher state ESTABLISHED
to lower state IDLE due to event CONFIG_CHG"
New and more specific settings apply to static neighbor PE-1, as follows:
*A:RR-5# show router bgp neighbor 192.0.2.1
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 192.0.2.1
Description : (Not Specified)
Group : iBGP
-------------------------------------------------------------------------------
Peer AS : 64496 Peer Port : 49436
Peer Address : 192.0.2.1
Local AS : 64496 Local Port : 179
Local Address : 192.0.2.5
Peer Type : Internal Dynamic Peer : No
State : Established Last State : Established
Last Event : recvOpen
Last Error : Cease (Connection Collision Resolution)
Local Family : IPv4
Remote Family : IPv4
Hold Time : 60 Keep Alive : 20
Min Hold Time : 0
Active Hold Time : 60 Active Keep Alive : 20
Cluster Id : 5.5.5.5
---snip---
The properties of all dynamic peers can be displayed using a single command, as follows:
*A:RR-5# show router bgp neighbor dynamic
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 192.0.2.2
Description : (Not Specified)
Group : iBGP
-------------------------------------------------------------------------------
Peer AS : 64496 Peer Port : 49704
Peer Address : 192.0.2.2
Local AS : 64496 Local Port : 179
Local Address : 192.0.2.5
Peer Type : Internal Dynamic Peer : Yes
State : Established Last State : Established
---snip---
-------------------------------------------------------------------------------
Peer : 192.0.2.3
Description : (Not Specified)
Group : iBGP
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Peer AS : 64496 Peer Port : 49636
Peer Address : 192.0.2.3
Local AS : 64496 Local Port : 179
Local Address : 192.0.2.5
Peer Type : Internal Dynamic Peer : Yes
State : Established Last State : Established
---snip---
-------------------------------------------------------------------------------
Peer : 192.0.2.4
Description : (Not Specified)
Group : iBGP
-------------------------------------------------------------------------------
Peer AS : 64496 Peer Port : 49840
Peer Address : 192.0.2.4
Local AS : 64496 Local Port : 179
Local Address : 192.0.2.5
Peer Type : Internal Dynamic Peer : Yes
State : Established Last State : Established
---snip---
-------------------------------------------------------------------------------
Neighbors shown : 3
===============================================================================
* indicates that the corresponding row element may have been truncated.
Lowering the dynamic peer limit will not tear down any existing BGP sessions, as follows:
# on RR-5:
configure
    router Base
        bgp
            group "iBGP"
                dynamic-neighbor-limit 2
            exit
A hard reset of a running BGP session will result in that BGP session being torn down, as follows:
*A:RR-5# clear router bgp neighbor 192.0.2.4 hard
The BGP peer fails to reconnect to the route reflector, because the peer limit has been reached, as follows:
80 2020/08/19 17:12:39.585 CEST MINOR: BGP #2037 Base VR 1: Group iBGP
"192.0.2.4: Closing connection: reached dynamic peer limit (2) for BGP group iBGP"
79 2020/08/19 17:12:39.574 CEST WARNING: BGP #2005 Base Peer 1: 192.0.2.4
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.4: sending notification: code CEASE
subcode HARD_RESET"
78 2020/08/19 17:12:39.574 CEST WARNING: BGP #2039 Base Peer 1: 192.0.2.4
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.4: moved from higher state ESTABLISHED
to lower state IDLE due to event ADMIN_RESET_HARD"
77 2020/08/19 17:12:39.562 CEST INDETERMINATE: LOGGER #2010 Base Clear BGP
"Clear function clearRtrBgpNbr has been run with parameters: rtr-name="Base"
neighbor="192.0.2.4" type="hard". The completion result is: success.
Additional error text, if any, is: "
Dynamic BGP peers in multiple ASs
In SR OS Release 19.5.R1 and later, dynamic BGP sessions associated with a single BGP peer group can belong to different peer Autonomous Systems (ASs), both in the base router and in VPRNs. The figure "Example topology with VPRN 1 in different ASs" shows the example topology with VPRN 1 configured in different ASs. Each interface in VPRN 1 has an IPv4 and an IPv6 address.
EBGP sessions are established between VPRN 1 on PE-1 and VPRN 1 on the other nodes. In VPRN 1 on PE-2, PE-3, and PE-4, static BGP neighbors are configured. The VPRN configuration on PE-2 is as follows:
# on PE-2:
configure
    service
        vprn 1 name "VPRN 1" customer 1 create
            autonomous-system 64502
            router-id 172.31.0.2
            route-distinguisher 1:1
            vrf-target target:1:1
            interface "int-VPRN1-PE-2-PE-1" create
                address 172.16.12.2/30
                ipv6
                    address 2001:db8::12:2/126
                exit
                sap 1/1/1:1 create
                exit
            exit
            interface "system" create
                address 172.31.0.2/32
                ipv6
                    address 2001:db8::31:0:2/128
                exit
                loopback
            exit
            bgp
                router-id 172.31.0.2
                split-horizon
                group "eBGPv4"
                    family ipv4
                    next-hop-self
                    peer-as 64501
                    neighbor 172.16.12.1
                        export "exp-vprn-1-v4"
                    exit
                exit
                group "eBGPv6"
                    family ipv6
                    next-hop-self
                    peer-as 64501
                    neighbor 2001:db8::12:1
                        export "exp-vprn-1-v6"
                    exit
                exit
            exit
            no shutdown
In VPRN 1 on PE-1, dynamic BGP peering is configured for IPv4 prefixes matching 172.16.0.0/16 in AS 64502 (PE-2) or AS 64504 (PE-4), and for IPv6 prefixes matching 2001:db8::/107 in the ASN range from 64502 (PE-2) to 64503 (PE-3). The BGP configuration in VPRN 1 on PE-1 is as follows:
# on PE-1:
configure
    service
        vprn 1 name "VPRN 1" customer 1 create
            bgp
                router-id 172.31.0.1
                split-horizon
                group "eBGPv4"
                    family ipv4
                    next-hop-self
                    export "exp-vprn-1-v4"
                    dynamic-neighbor-limit 10
                    dynamic-neighbor
                        match
                            prefix 172.16.0.0/16
                                allowed-peer-as 64502
                                allowed-peer-as 64504
                            exit
                        exit
                    exit
                exit
                group "eBGPv6"
                    family ipv6
                    next-hop-self
                    export "exp-vprn-1-v6"
                    dynamic-neighbor-limit 10
                    dynamic-neighbor
                        match
                            prefix 2001:db8::/107
                                allowed-peer-as 64502 max 64503
                            exit
                        exit
                    exit
                exit
            exit
A dynamic BGP session can be rejected if the BGP OPEN message received from the neighbor does not report an AS number in the allowed list: in the "eBGPv4" group, AS 64503 is not allowed, and in the "eBGPv6" group, AS 64504 is not allowed. PE-1 sends a notification message with code OPEN and subcode INCORRECT_AS to PE-3 in AS 64503, and the following notification is logged in log 99:
14 2020/08/19 16:55:19.697 CEST WARNING: BGP #2005 vprn1 Peer 2: 172.16.13.2
"(ASN 0) VR 2: Group eBGPv4: Peer 172.16.13.2: sending notification: code OPEN subcode INCORRECT_AS"
When debugging is enabled for BGP OPEN messages and BGP notifications, the following messages are logged on PE-1: a BGP OPEN message received from PE-3 in AS 64503 and a BGP notification with code OPEN and subcode Bad Peer AS.
7 2020/08/19 16:55:19.697 CEST MINOR: DEBUG #2001 vprn1 Peer 2: 172.16.13.2
"Peer 2: 172.16.13.2: NOTIFICATION
Peer 2: 172.16.13.2 - Send BGP NOTIFICATION: Code = 2 (OPEN) Subcode = 2 (Bad Peer AS)
"
6 2020/08/19 16:55:19.697 CEST MINOR: DEBUG #2001 vprn1 BGP
"BGP: OPEN
Peer 2: 172.16.13.2 - Received BGP OPEN: Version 4
AS Num 64503: Holdtime 90: BGP_ID 172.31.0.3: Opt Length 20 (ExtOpt F)
Opt Para: Type CAPABILITY: Length = 18: Data:
Cap_Code GRACEFUL-RESTART: Length 2
Bytes: 0x0 0x78
Cap_Code MP-BGP: Length 4
Bytes: 0x0 0x1 0x0 0x1
Cap_Code ROUTE-REFRESH: Length 0
Cap_Code 4-OCTET-ASN: Length 4
Bytes: 0x0 0x0 0xfb 0xf7 # AS 64503
"
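The two rejection events shown in this chapter (dynamic peer limit reached, and OPEN with an AS that is not allowed) can be pulled out of an exported log 99 for monitoring; the following is an added example, not Nokia tooling and not part of the original chapter. The parsing patterns are assumptions derived from the log lines printed here, and event 15 in the sample is constructed to show a message wrapped over two lines and a repeated rejection.

```python
import re
from collections import Counter

# Sample input: events 14, 79 and 80 are copied from this chapter;
# event 15 is constructed (same peer, message wrapped over two lines).
SAMPLE = '''\
14 2020/08/19 16:55:19.697 CEST WARNING: BGP #2005 vprn1 Peer 2: 172.16.13.2
"(ASN 0) VR 2: Group eBGPv4: Peer 172.16.13.2: sending notification: code OPEN subcode INCORRECT_AS"
15 2020/08/19 16:55:49.697 CEST WARNING: BGP #2005 vprn1 Peer 2: 172.16.13.2
"(ASN 0) VR 2: Group eBGPv4: Peer 172.16.13.2: sending notification: code OPEN
subcode INCORRECT_AS"
79 2020/08/19 17:12:39.574 CEST WARNING: BGP #2005 Base Peer 1: 192.0.2.4
"(ASN 64496) VR 1: Group iBGP: Peer 192.0.2.4: sending notification: code CEASE
subcode HARD_RESET"
80 2020/08/19 17:12:39.585 CEST MINOR: BGP #2037 Base VR 1: Group iBGP
"192.0.2.4: Closing connection: reached dynamic peer limit (2) for BGP group iBGP"
'''

HEADER = re.compile(r"^(?P<seq>\d+) (?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) \S+ "
                    r"(?P<sev>\w+): (?P<app>\w+) #(?P<event>\d+) (?P<router>\S+) ")
REJECTIONS = {
    "peer-limit": re.compile(r"^(?P<peer>\S+): Closing connection: reached dynamic "
                             r"peer limit \(\d+\) for BGP group (?P<group>\S+)"),
    "bad-peer-as": re.compile(r"Group (?P<group>\S+): Peer (?P<peer>\S+): sending "
                              r"notification: code OPEN subcode INCORRECT_AS"),
}

def parse_events(text):
    """Split log text into events; a quoted message may wrap over several lines."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "msg": []}
            events.append(current)
        elif current is not None and line.strip():
            current["msg"].append(line.strip())
    for e in events:
        e["msg"] = " ".join(e["msg"]).strip('"')
    return events

def dynamic_peer_rejections(text):
    """Return (timestamp, router, group, peer, reason) for each rejected peer."""
    found = []
    for e in parse_events(text):
        if e["app"] != "BGP":          # skip DEBUG and LOGGER events
            continue
        for reason, rx in REJECTIONS.items():
            m = rx.search(e["msg"])
            if m:
                found.append((e["ts"], e["router"], m["group"], m["peer"], reason))
    return found

def repeat_offenders(rejections, threshold=2):
    """Peers rejected at least `threshold` times for the same reason."""
    counts = Counter((peer, reason) for _, _, _, peer, reason in rejections)
    return {key: n for key, n in counts.items() if n >= threshold}
```

Repeated rejections from one source inside an allowed prefix point to either a misconfigured peer or a host that should not be attempting BGP at all.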
The following BGP summary on PE-1 shows four dynamic BGP neighbors: 172.16.12.2 (in AS 64502), 172.16.14.2 (in AS 64504), 2001:db8::12:2 (in AS 64502), and 2001:db8::13:2 (in AS 64503):
*A:PE-1# show router bgp summary all
==============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.5
Def. Instance 64496 19 0 00h04m34s 2/2/0 (IPv4)
17 0
172.16.12.2(D)
Svc: 1 64502 8 0 00h01m36s 1/1/2 (IPv4)
9 0
172.16.14.2(D)
Svc: 1 64504 8 0 00h01m56s 1/1/2 (IPv4)
9 0
2001:db8::12:2(D)
Svc: 1 64502 8 0 00h01m54s 1/1/2 (IPv6)
9 0
2001:db8::13:2(D)
Svc: 1 64503 8 0 00h01m57s 1/1/2 (IPv6)
9 0
-------------------------------------------------------------------------------
The following command shows that BGP group "eBGPv4" has two dynamic peers (172.16.12.2 and 172.16.14.2) and group "eBGPv6" has two dynamic peers (2001:db8::12:2 and 2001:db8::13:2):
*A:PE-1# show router 1 bgp group
===============================================================================
BGP Group
===============================================================================
Group : eBGPv4
Description : (Not Specified)
Group Type : No Type State : Up
Peer AS : n/a Local AS : 64501
Local Address : n/a Loop Detect : Ignore
Import Policy : None Specified - Default Accept
Export Policy : exp-vprn-1-v4
: Default Accept
---snip---
List of Static Peers
List of Dynamic Peers
- 172.16.12.2
- 172.16.14.2
Total Peers : 2 Established : 2
Group : eBGPv6
Description : (Not Specified)
Group Type : No Type State : Up
Peer AS : n/a Local AS : 64501
Local Address : n/a Loop Detect : Ignore
Import Policy : None Specified - Default Accept
Export Policy : exp-vprn-1-v6
: Default Accept
---snip---
List of Static Peers
List of Dynamic Peers
- 2001:db8::12:2
- 2001:db8::13:2
Total Peers : 2 Established : 2
-------------------------------------------------------------------------------
Peer Groups : 2
===============================================================================
* indicates that the corresponding row element may have been truncated.
Conclusion
The use of dynamic BGP peers provides ISPs the means to reduce the configuration file size for routers. This reduces the number of configuration changes to be made to the network over time, which lowers the operational cost of running the network.