BGP Commands
BGP Finite State Machine: Troubleshooting
(See page 108 of the Halabi book for a diagram).
1. Idle
Waiting for Start event, normally initiated by the operator (establishing new BGP session or resetting an existing session). After errors, BGP falls back to the Idle state.
After a Start event, BGP initializes, resets connect retry timer, initiates TCP transport connection, and listens for connections initiated by a remote peer.
2. Connect
BGP is waiting for a transport protocol connection to complete. If TCP transport succeeds, transition to State 4, OpenSent, and send OPEN. If not, transition to Active. If the connect retry timer expires, remain in Connect, reset the timer, and initiate a transport connection. In case of any other event, transition back to Idle.
3. Active
BGP is trying to initiate a transport protocol connection and acquire a peer. If successful, transition to OpenSent and send OPEN. If connect retry expires, restart the timer and fall back to the Connect state. Also actively listen for connection by another peer. Go back to Idle in case of other events.
Flip-flopping between Connect and Active indicates a TCP transport problem, e.g. TCP retransmissions or unreachability of a peer.
4. OpenSent
BGP is waiting for an OPEN message from its peer. When one is received, it is checked for correctness (version number, AS number, password). If not correct, an error NOTIFICATION is sent and the system goes to Idle. If no error, then send KEEPALIVE and reset the keepalive timer. Negotiate hold time, smaller value wins. If zero, hold timer and keepalive timer are not restarted.
This state is where EBGP versus IBGP is determined, based on AS number.
5. OpenConfirm
BGP waits for KEEPALIVE or NOTIFICATION. If KEEPALIVE is received, transition to Established. If UPDATE or KEEPALIVE is received, restart the hold timer (unless the negotiated hold time is zero). If NOTIFICATION is received, transition to Idle.
Periodic KEEPALIVE messages are sent. If transport disconnect is received, transition to Idle. If an error occurs, send a NOTIFICATION with the error code, then go to Idle.
6. Established
This is the final stage of neighbor negotiation. BGP exchanges updates with its peers. If a NOTIFICATION is received, the system transitions to Idle. Updates are checked for errors. If an error is found, a NOTIFICATION is sent, and the system goes to Idle. In case of hold time expiration, disconnect by transport, Stop event received, or other such events, the system falls back to Idle.
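The state descriptions above can be replayed as a transition table to see which failure a given trace points to. This is an added example, not code from the original page; the event names and the flap threshold are hypothetical, and the two transitions the text leaves implicit (Idle to Connect on Start, OpenSent to OpenConfirm on a valid OPEN) follow the BGP specification.

```python
# Added example: transition table derived from the state descriptions above.
# Event names are hypothetical labels chosen for this sketch.
TRANSITIONS = {
    "Idle":        {"start": "Connect"},
    "Connect":     {"tcp_ok": "OpenSent", "tcp_fail": "Active",
                    "retry_expired": "Connect"},
    "Active":      {"tcp_ok": "OpenSent", "retry_expired": "Connect"},
    "OpenSent":    {"open_ok": "OpenConfirm"},
    "OpenConfirm": {"keepalive": "Established"},
    "Established": {"keepalive": "Established", "update": "Established"},
}

def replay(events, state="Idle"):
    """Return every state visited; unlisted events fall back to Idle."""
    path = [state]
    for event in events:
        state = TRANSITIONS[state].get(event, "Idle")
        path.append(state)
    return path

def transport_flaps(path):
    """Count Connect<->Active changes, the TCP-problem symptom."""
    return sum(1 for a, b in zip(path, path[1:])
               if {a, b} == {"Connect", "Active"})

def diagnose(path, flap_threshold=3):
    """Map a trace to a troubleshooting hint (threshold is an assumption)."""
    if path[-1] == "Established":
        return "established"
    if transport_flaps(path) >= flap_threshold:
        return "transport problem: check TCP reachability of the peer"
    if len(path) > 1 and path[-2:] == ["OpenSent", "Idle"]:
        return "OPEN rejected: check version, AS number, password"
    return "incomplete"

# Constructed event traces, not captured from a router.
HEALTHY = replay(["start", "tcp_ok", "open_ok", "keepalive", "update"])
UNREACHABLE = replay(["start"] + ["tcp_fail", "retry_expired"] * 3)
BAD_OPEN = replay(["start", "tcp_ok", "open_bad"])

if __name__ == "__main__":
    for trace in (HEALTHY, UNREACHABLE, BAD_OPEN):
        print(" -> ".join(trace), "|", diagnose(trace))
```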
BGP Configuration Commands in IOS
To create an aggregate route summary in the BGP routing table:
    [no] aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]
Without optional keywords, aggregate-address creates an aggregate entry in the BGP routing table if there are any more-specific BGP routes that fall in the specified range. Unless you specify the as-set keyword, the aggregate is advertised as coming from your autonomous system with the atomic aggregate attribute, to show that information might be missing.
as-set: creates an aggregate entry, but the path advertised for this route is an AS_SET consisting of all elements in all paths that are being summarized. Do not use this form of aggregate-address when aggregating many paths, because this route then must be continually withdrawn and re-updated as autonomous system path reachability information for the summarized routes changes.
summary-only: creates the aggregate route and also suppresses advertisements of more-specific routes to all neighbors. If you only want to suppress advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more specific route leaks out, all BGP speakers will prefer that route over the less-specific aggregate you are generating, by using longest-match routing.
suppress-map: creates the aggregate route but suppresses advertisement of the specified routes. You can use the match clauses of route maps to selectively suppress some more specific routes of the aggregate and leave others unsuppressed. Match statements on IP access lists and autonomous system path access lists can be used for this.
To advertise only networks and not subnets, the default behavior for BGP, use the command:
    [no] auto-summary
To compare MED with paths from different AS’s:
    [no] bgp always-compare-med
To restore the default BGP route reflector behavior, reflection from a reflector to clients:
    [no] bgp client-to-client reflection
To configure cluster ID when there is more than one route reflector:
    [no] bgp cluster-id cluster-id
To assign the BGP confederation identifier:
    [no] bgp confederation identifier autonomous-system
To specify which AS’s belong to the confederation:
    [no] bgp confederation peers autonomous-system [autonomous-system]
To specify BGP route dampening (and optional parameters):
    [no] bgp dampening [half-life reuse suppress max-suppress-time] [route-map map]
half-life: Time (in minutes) after which a penalty is decreased. Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period (which is 15 minutes by default). The process of reducing the penalty happens every 5 seconds. The range of the half-life period is 1 to 45 minutes. The default is 15 minutes.
reuse: If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. The process of unsuppressing routes occurs at 10-second increments. The range of the reuse value is 1 to 20000; the default is 750.
suppress: A route is suppressed when its penalty exceeds this limit. The range is 1 to 20000; the default is 2000.
max-suppress-time: Maximum time (in minutes) a route can be suppressed. The range is 1 to 20000; the default is 4 times the half-life. If the half-life value is allowed to default, the maximum suppress time defaults to 60 minutes.
route-map map: Name of route map controlling where BGP route dampening is enabled.
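How the four dampening parameters interact is easiest to see by replaying flaps against them. The simulation below is an added example, not code from the original page or from IOS; it uses the defaults listed above, assumes a per-flap penalty of 1000 (the page does not give one), and enforces max-suppress-time as a penalty ceiling.

```python
# Added example (not from the original page): replay of "bgp dampening"
# with the defaults listed above. FLAP_PENALTY is an assumption; the page
# does not state the penalty added per flap.
FLAP_PENALTY = 1000

def simulate(flap_times, half_life=15, reuse=750, suppress=2000,
             max_suppress=60, horizon=4 * 3600):
    """flap_times: seconds (multiples of 5); half_life, max_suppress: minutes.
    Returns [(second, "suppressed" | "reused"), ...]."""
    decay_per_tick = 0.5 ** (5 / (half_life * 60))  # penalty decays every 5 s
    # Cap the penalty so that, once flapping stops, it decays to the reuse
    # value within max-suppress-time: ceiling = reuse * 2^(max / half-life).
    ceiling = reuse * 2 ** (max_suppress / half_life)
    flaps = set(flap_times)
    penalty, suppressed, events = 0.0, False, []
    for t in range(0, horizon + 1, 5):
        penalty *= decay_per_tick
        if t in flaps:
            penalty = min(penalty + FLAP_PENALTY, ceiling)
            if not suppressed and penalty > suppress:
                suppressed = True
                events.append((t, "suppressed"))
        # Routes are unsuppressed in 10-second increments.
        if suppressed and t % 10 == 0 and penalty < reuse:
            suppressed = False
            events.append((t, "reused"))
    return events

# Constructed input: three flaps one minute apart, then a stable route.
THREE_FLAPS = simulate([0, 60, 120])
# Constructed input: a flap every 10 s for 5 minutes (hits the ceiling).
STORM = simulate(range(0, 300, 10))

if __name__ == "__main__":
    for name, trace in (("three flaps", THREE_FLAPS), ("storm", STORM)):
        for t, what in trace:
            print(f"{name}: t={t:>5}s {what}")
```

With the defaults, two flaps a minute apart never cross the suppress limit, the third one does, and even a sustained storm is released about 60 minutes after the last flap because of the ceiling.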
To change the default local preference:
    [no] bgp default local-preference value
Here value must be in the range 0-4294967295. Higher values are more preferred. The default is 100.
To immediately reset sessions to directly adjacent external peers when the link goes down:
    [no] bgp fast-external-fallover
To allow 0.0.0.0 to be redistributed into BGP:
    [no] default-information originate
To assign default metric (MED) for redistribution of other protocols (RIP, IGRP, EIGRP, OSPF) into BGP:
    [no] default-metric number
To specify the use of administrative distances other than defaults:
    distance bgp external-distance internal-distance local-distance
    no distance bgp
Here external-distance is the administrative distance (AD) for BGP external routes, a number from 1 to 255, default 20. (A distance of 255 means the route is not installed in the routing table.) Internal-distance is the BGP internal route AD, default 200. Local-distance is the AD for BGP local routes, those listed with a network router command. Default is 200. Caution: altering internal-distance is considered hazardous.
To define an AS path access-list using an AS regular expression:
    [no] ip as-path access-list access-list-number {permit | deny} as-regular-expression
Details of regular expressions are in the Dial Solutions Command Reference on the documentation CD or Web pages.
To create a BGP community list:
    ip community-list community-list-number {permit | deny} community-number
    no ip community-list community-list-number
Here community-list-number is an integer from 1 to 99 specifying the list number. The community-number is a number from 1 to 4294967200. Multiple numbers can be specified, separated by a space. There are some special communities that can also be specified: internet, no-export, no-advertise.
Possible MATCH conditions for BGP-related route-maps:
    [no] match as-path path-list-number
    [no] match community-list community-list [exact]
    [no] match interface type number ...
    [no] match ip address { access-list-number | name } ...
    [no] match ip next-hop { access-list-number | name } ...
    [no] match ip route-source { access-list-number | name } ...
    [no] match metric metric-value
    [no] match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
    [no] match tag tag
To specify a BGP neighbor advertisement interval (minimum interval between sending BGP updates):
    [no] neighbor {ip-address | peer-group-name} advertisement-interval seconds
Default intervals are 30 seconds for external peers and 5 seconds for internal peers.
To allow 0.0.0.0 to be sent to a neighbor (if necessary, subject to a route-map to inject 0.0.0.0 conditionally):
    [no] neighbor {ip-address | peer-group-name} default-originate [route-map map-name]
To describe a neighbor:
    [no] neighbor {ip-address | peer-group-name} description text
To specify filtering of information sent to/from a neighbor, using a distribute list to filter:
    [no] neighbor {ip-address | peer-group-name} distribute-list {access-list-number | name} {in | out}
To accept and attempt EBGP connections to peers that are not directly connected, with specified time-to-live in hops:
    neighbor {ip-address | peer-group-name} ebgp-multihop [ttl]
    no neighbor {ip-address | peer-group-name} ebgp-multihop
To specify a filter list for a neighbor or peer group:
    [no] neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out | weight weight}
(weight is an integer from 0 to 65535 to assign to incoming routes that match the AS paths in the filter-list).
To assign the maximum number of prefixes allowed from a neighbor:
    neighbor {ip-address | peer-group-name} maximum-prefix maximum [threshold] [warning-only]
    no neighbor {ip-address | peer-group-name} maximum-prefix maximum
(threshold is the percentage of maximum at which the router generates warnings; the default is 75. With warning-only, the peering is not terminated when the maximum is exceeded.)
To disable next-hop processing of BGP prefixes, and set next hop to self (typically in partial mesh NBMA networks):
    [no] neighbor {ip-address | peer-group-name} next-hop-self
To specify the password for a BGP neighbor or peer group:
    neighbor {ip-address | peer-group-name} password string
    no neighbor {ip-address | peer-group-name} password
To configure a neighbor to be in a BGP peer group:
    [no] neighbor ip-address peer-group peer-group-name
To create a BGP peer group:
    [no] neighbor peer-group-name peer-group
To specify a neighbor and its remote AS number:
    [no] neighbor {ip-address | peer-group-name} remote-as number
To apply a route map to incoming or outgoing routes to/from a neighbor:
    [no] neighbor {ip-address | peer-group-name} route-map map-name {in | out}
To set up a router as a route reflector and specify a client:
    [no] neighbor ip-address route-reflector-client
To specify sending the community attribute to a neighbor:
    [no] neighbor {ip-address | peer-group-name} send-community
To start storing received updates:
    [no] neighbor {ip-address | peer-group-name} soft-reconfiguration inbound
To allow the use of any operational interface for internal BGP TCP connections:
    [no] neighbor {ip-address | peer-group-name} update-source interface
To hard-code the neighbor’s BGP version (for faster session establishment):
    [no] neighbor {ip-address | peer-group-name} version value
(value can be 2; the default is to use 4 and negotiate down to 2 if requested)
To assign a weight to a neighbor connection:
    [no] neighbor {ip-address | peer-group-name} weight weight
To specify a network BGP may advertise (if found in the routing table):
    [no] network network-number [mask network-mask]
To specify a network as a backdoor route (not advertised):
    [no] network address backdoor
To assign an absolute weight to a BGP network, overriding any weight assigned by redistribution:
    [no] network address mask weight weight [route-map map-name]
To create a BGP routing process and specify AS number:
    [no] router bgp autonomous-system
Possible SET conditions for BGP-related route-maps:
    [no] set automatic-tag
    [no] set as-path {tag | prepend as-path-string}
    [no] set community {community-number [additive]} | none
(additive adds the community to existing communities, none removes the community attribute from any prefixes that pass the route-map)
    set dampening half-life reuse suppress max-suppress-time
    no set dampening
    [no] set ip precedence value
    [no] set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
    [no] set local-preference value
(value is an integer from 0 to 4294967295, default 100)
    [no] set metric metric-value
(metric-value is an integer from -294967295 to 294967295)
    [no] set metric-type internal
    [no] set next-hop next-hop
    [no] set origin {igp | egp autonomous-system | incomplete}
    [no] set tag tag
(value is an integer from 0 to 4294967295)
    [no] set weight weight
(weight is an integer from 0 to 65535)
To re-enable (or turn off) IGP route synchronization with BGP:
    [no] synchronization
To modify metric and tag values when the IP routing table is updated with BGP-derived routes:
    [no] table-map route-map-name
To adjust BGP timers:
    timers bgp keepalive holdtime
    no timers bgp
(keepalive is the keepalive message interval and defaults to 60 seconds. holdtime is the interval in seconds for declaring a peer dead if no keepalives are received. It defaults to 180 seconds.)
BGP EXEC Mode Commands
    clear ip bgp {* | address | peer-group name} [soft [in | out]]
    clear ip bgp dampening [address mask]
    clear ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask}]
    clear ip bgp address flap-statistics
    clear ip bgp peer-group tag
    show ip bgp [network] [network-mask] [longer-prefixes]
    show ip bgp cidr-only
    show ip bgp community community-number [exact]
    show ip bgp community-list community-list-number [exact]
    show ip bgp dampened-paths
    show ip bgp filter-list access-list-number
    show ip bgp flap-statistics [{regexp regexp} | {filter-list list} | {address mask [longer-prefix]}]
    show ip bgp inconsistent-as
    show ip bgp neighbors [address] [received-routes | routes | advertised-routes | {paths regular-expression} | dampened-routes]
    show ip bgp paths
    show ip bgp peer-group [tag] [summary]
    show ip bgp regexp regular-expression
    show ip bgp summary