Nortel Ethernet Routing Switch 8600 Configuration BGP Services. Release: 7.0 Document Revision: NN

Author: Adelia Wright
Nortel Ethernet Routing Switch 8600

Configuration — BGP Services Release: 7.0 Document Revision: 04.01

www.nortel.com

NN46205-510 .

Nortel Ethernet Routing Switch 8600 Release: 7.0 Publication: NN46205-510 Document release date: 21 December 2009 Copyright © 2008-2009 Nortel Networks. All Rights Reserved. While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice. THE SOFTWARE DESCRIBED IN THIS DOCUMENT IS FURNISHED UNDER A LICENSE AGREEMENT AND MAY BE USED ONLY IN ACCORDANCE WITH THE TERMS OF THAT LICENSE. Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks. Cisco is a trademark of Cisco Systems Inc. Juniper Networks and JUNOS are trademarks of Juniper Networks, Inc. Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.

All other trademarks are the property of their respective owners.


Contents

Software license
New in this release
  Features
  BGP+
  Other changes
  Enterprise Device Manager
  References to classic modules removed
  Confederations and route-reflectors
Introduction
BGP fundamentals
  Autonomous systems
  Internal and external BGP routing
  BGP speaker
  Transit AS
  Stub and multihomed autonomous systems
  Peers
  Supernet advertisements
  Bandwidth and maintenance reduction
  Routing information consolidation
  CIDR and aggregate addresses
  Confederations
  Route reflectors
  Confederation and route reflector considerations
  BGP communities
  BGP path attributes
  BGP route selection
  BGP and dampened routes
  BGP updates
  Withdrawn Routes Length
  Withdrawn Routes
  Total Path Attributes Length
  Path Attributes

Nortel Ethernet Routing Switch 8600 Configuration — BGP Services NN46205-510 04.01 21 December 2009 Copyright © 2008-2009 Nortel Networks. All Rights Reserved.

  Network Layer Reachability Information
  Equal-cost multipath
  MD5 message authentication
  MD5 signature generation
  MD5 signature verification
  BGP and route redistribution
  Circuitless IP
  BGP and IP VPN
  BGP IP VPN parameters
  IP VPN BGP route preference and selection
  BGP+
  BGP+ tunnel configurations
  Limitations
  Bidirectional Forwarding Detection
  Overview
  Operation
  BFD and SMLT
  BFD restrictions
  BGP configuration considerations and limitations
  BGP implementation guidelines
  Configuration guidelines
  BGP neighbor Maximum Prefix configuration
  BGP and OSPF interaction
BGP configuration using Enterprise Device Manager
  Logging in to a VRF instance
  Configuring BGP globally
  Configuring aggregate routes
  Configuring aggregate IPv6 routes
  Configuring allowed networks
  Configuring allowed IPv6 networks
  Configuring BGP peers
  Configuring peer groups
  Viewing BGP summary route information
  Viewing IPv6 BGP+ summary route information
  Displaying dampened routes information
  Configuring redistribution to BGP for VRF 0
  Configuring redistribution to BGP+ for VRF 0
  Configuring a prefix list
  Configuring an IPv6 prefix list
  Configuring an AS path list
  Configuring a community access list
  Configuring an extended community list
BFD configuration using Enterprise Device Manager
  Enabling BFD globally
  Configuring BFD on a VLAN interface
  Configuring BFD on a brouter port
  Enabling BFD on a BGP routing interface
  Configuring BFD properties for an interface
  Viewing BFD statistics
  Viewing BFD session information
BGP configuration using the CLI
  Configuring BGP globally
  Job aid: BGP debug commands
  Configuring BGP confederations
  Configuring BGP peers or peer groups
  Configuring redistribution to BGP for VRF 0
  Configuring redistribution to BGP+ for VRF 0
  Configuring a prefix list
  Configuring an IPv6 prefix list
  Configuring AS path lists
  Configuring community lists
  Configuring extended community lists
  BGP show commands
  Viewing BGP aggregate information
  Viewing BGP+ aggregate information
  Viewing CIDR routes
  Viewing flap-dampened routes
  Viewing global flap-dampening configurations
  Viewing imported routes
  Viewing imported IPv6 routes
  Viewing BGP network configurations
  Viewing IPv6 BGP+ network configurations
  Viewing BGP peer information
  Viewing BGP peer group information
  Viewing BGP IP VPN routes
  Viewing BGP routes
  Viewing IPv6 BGP+ routes
  Viewing all BGP configuration information
  Viewing all IPv6 BGP+ configuration information
  Viewing a summary of BGP configurations
BFD configuration using the CLI
  Enabling BFD globally
  Configuring BFD on a VLAN interface
  Configuring BFD on a brouter port
  Enabling BFD on a routing interface
  Viewing BFD session and statistical information
BGP configuration using the NNCLI
  Configuring BGP globally
  Job aid: BGP debug commands
  Configuring BGP peers or peer groups
  Configuring redistribution to BGP for VRF 0
  Configuring redistribution to BGP+ for VRF 0
  Configuring a prefix list
  Configuring an IPv6 prefix list
  Configuring AS path lists
  Configuring community lists
  Configuring extended community lists
  BGP show commands
  Viewing BGP aggregate information
  Viewing IPv6 BGP+ aggregate information
  Viewing CIDR routes
  Viewing flap-dampened routes
  Viewing global flap-dampening configurations
  Viewing imported routes
  Viewing imported IPv6 routes
  Viewing BGP network configurations
  Viewing IPv6 BGP+ network configurations
  Viewing BGP peer information
  Viewing BGP peer group information
  Viewing BGP IP VPN routes
  Viewing BGP routes
  Viewing IPv6 BGP+ routes
  Viewing a summary of BGP configurations
BFD configuration using the NNCLI
  Enabling BFD globally
  Configuring BFD on a VLAN interface
  Configuring BFD on a brouter port
  Enabling BFD on a routing interface
  Viewing BFD session and statistical information
BGP+ tunnel configuration examples
  IPv6 Tunnel configurations for BGP+
  Navigation
  Scenario 1: eBGP+ peership between two ERS8600s with IPv6 Tunneling
  R1 configuration
  R2 configuration
  Scenario 2: iBGP+ peership on CLIP between two ERS8600s with IPv6 Tunneling
  R1 configuration
  R2 configuration
  Important notes
Cisco Systems to Nortel command equivalents
  BGP configuration commands
  BGP configuration command interpretation
  BGP operational commands
  BGP operational command interpretation
  Route preference mapping
Juniper Networks to Nortel command equivalents
  BGP configuration commands
  BGP configuration command interpretation
  BGP operational commands
  BGP operational command interpretation
  Route preference mapping
Index


Software license

This section contains the Nortel Networks software license.

Nortel Networks Inc. software license agreement This Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel Networks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price. "Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software. 1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. 
Customer will ensure that anyone who uses the Software does so only in compliance with the terms
of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software. 2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply. 3. Limitation of Remedies. 
IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4. General

1. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

2. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.

3. Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.

4. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.

5. The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks.

6. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.


New in this release

The following sections detail what’s new in Nortel Ethernet Routing Switch 8600 Configuration – BGP Services (NN46205-510) for Release 5.1.

• “Features” (page 13)
• “Other changes” (page 13)

Features

See the following sections for information about feature changes:

BGP+

The Ethernet Routing Switch 8600 now supports BGP+. For more information, see:

• “BGP+” (page 51)
• “BGP configuration using Enterprise Device Manager” (page 57)
• “BGP configuration using the CLI” (page 97)
• “BGP configuration using the NNCLI” (page 161)

Other changes

For information about changes that are not feature-related, see the following sections:

Enterprise Device Manager

Enterprise Device Manager (EDM) configuration information replaces the Device Manager configuration information. Starting with this release, EDM replaces Device Manager as the graphical user interface.

References to classic modules removed

All references to classic modules are removed from this document.

Confederations and route-reflectors

Additional information is added regarding required configurations for confederations and route-reflectors. For more information, see “Confederation and route reflector considerations” (page 33).

Introduction

This document provides instructions for configuring Border Gateway Protocol (BGP) services for the Nortel Ethernet Routing Switch 8600. For information about configuring IP VPN with BGP, see Nortel Ethernet Routing Switch 8600 Configuration — IP VPN (NN46205-520).

Navigation

• “BGP fundamentals” (page 17)
• “BGP configuration using Enterprise Device Manager” (page 57)
• “BFD configuration using Enterprise Device Manager” (page 89)
• “BGP configuration using the CLI” (page 97)
• “BFD configuration using the CLI” (page 155)
• “BGP configuration using the NNCLI” (page 161)
• “BFD configuration using the NNCLI” (page 223)
• “Cisco Systems to Nortel command equivalents” (page 237)
• “Juniper Networks to Nortel command equivalents” (page 253)

BGP fundamentals

BGP is an inter-domain routing protocol that provides loop-free inter-domain routing between autonomous systems (ASs) or within an AS. BGP systems can exchange network layer reachability information (NLRI) with other BGP systems for the purpose of constructing a graph of AS connectivity. BGP uses this information to prune routing loops and enforce AS-level policy decisions. BGP provides features that allow you to consolidate routing information and to control the flow of BGP updates.

To use BGP, you must have the Advanced Routing License. For more information about licensing, see Nortel Ethernet Routing Switch 8600 Administration (NN46205-605).

The following sections provide an overview of BGP and include descriptions of features you can use to optimize your BGP system. For information about how to use the command line interface (CLI), the Nortel command line interface (NNCLI), the Web management interface, and Enterprise Device Manager, see Nortel Ethernet Routing Switch 8600 User Interface Fundamentals (NN46205-308).

IP VPN (also called BGP/MPLS VPN) uses Border Gateway Protocol (BGP) extensions to distribute VPN and virtual routing and forwarding (VRF) routing information. It uses MPLS for packet transportation. Multiple VPN sites can be connected using IP VPNs in the enterprise or carrier-managed networks. Three major components are used by IP VPNs: MPLS, VRF Lite, and Multiprotocol internal BGP (MP-iBGP). For information about MP-iBGP and IP VPN, see Nortel Ethernet Routing Switch 8600 Configuration — IP VPN (NN46205-520). For information about VRF Lite, see Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523).

Navigation

• “Autonomous systems” (page 18)
• “Routing information consolidation” (page 23)
• “BGP communities” (page 33)
• “BGP path attributes” (page 34)
• “BGP route selection” (page 35)
• “BGP and dampened routes” (page 36)
• “BGP updates” (page 37)
• “Equal-cost multipath” (page 42)
• “MD5 message authentication” (page 42)
• “BGP and route redistribution” (page 44)
• “Circuitless IP” (page 45)
• “BGP and IP VPN” (page 46)
• “BGP+” (page 51)
• “Bidirectional Forwarding Detection” (page 52)
• “BGP configuration considerations and limitations” (page 54)

Autonomous systems

An AS is a group of routers and hosts run by a single technical administrator that has a single, clearly defined routing policy. Each autonomous system has its own unique AS number assigned by the appropriate Internet Registry entity.

LANs and WANs interconnected by IP routers form a group of networks called an internetwork. For administrative purposes, internetworks are divided into boundaries known as autonomous systems. The following figure shows a sample internetwork segmented into three autonomous systems.

Figure 1 Internetwork segmented into three autonomous systems

BGP exchanges information between ASs as well as between routers within the same AS. As shown in the previous figure, routers that are members of the same AS and exchange BGP updates run internal BGP (IBGP), and routers that are members of different ASs and exchange BGP updates run external BGP (EBGP).

Autonomous systems navigation

• “Internal and external BGP routing” (page 20)
• “BGP speaker” (page 20)
• “Transit AS” (page 21)
• “Stub and multihomed autonomous systems” (page 22)
• “Peers” (page 22)
• “Supernet advertisements” (page 22)
• “Bandwidth and maintenance reduction” (page 23)

Internal and external BGP routing

Nortel supports both Internal BGP (IBGP) intra-AS routing and External BGP (EBGP) external-AS routing. With IBGP, each router within an AS runs an interior gateway protocol (IGP), such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). The IBGP information, along with the IGP route to the originating BGP border router, determines the next hop to use for exchanging information with an external AS. Each router uses IBGP exclusively to determine reachability to external ASs. When a router receives an IBGP update that is destined for an external AS, the update is passed to IP for inclusion in the routing table only if a viable IGP route to the correct border gateway is available.

EBGP is used to communicate routing information between BGP speakers that are in different ASs.

BGP speaker

BGP routers employ an entity within the router, referred to as a BGP speaker, which transmits and receives BGP messages and acts upon them. BGP speakers communicate with other BGP speakers by establishing a peer-to-peer session. All BGP speakers within an AS must be fully meshed (see the following figure).

Figure 2 BGP networks

Transit AS

An AS with more than one BGP speaker can use IBGP to provide a transit service for networks located outside the AS. An AS that provides this service is called a transit AS. As shown in Figure 2 "BGP networks" (page 21), AS 40 is the transit AS. It provides information about its internal networks, as well as transit networks, to the remaining ASs. The IBGP connections between routers D, E, and F provide consistent routing information to the ASs.

Stub and multihomed autonomous systems

As shown in Figure 2 "BGP networks" (page 21), an AS can include one or more BGP speakers that establish peer-to-peer sessions with BGP speakers in other ASs to provide external route information for the networks within the AS.

• A stub AS has a single BGP speaker that establishes a peer-to-peer session with one external BGP speaker. In this case, the BGP speaker provides external route information only for the networks contained within its own AS.
• A multihomed AS has multiple BGP speakers.

Peers

The transport protocol used with BGP is Transmission Control Protocol (TCP). When any two routers open a TCP connection to each other for the purpose of exchanging routing information, they form a peer-to-peer relationship. In Figure 2 "BGP networks" (page 21), Routers A and D are BGP peers, as are Routers B and E, C and E, F and G, and Routers D, E, and F.

Although Routers A and D are running EBGP, Routers D, E, and F within AS 40 are running IBGP. The EBGP peers are directly connected, while the IBGP peers are not. As long as an IGP is running that allows any two neighbors to logically communicate, the IBGP peers do not require a direct connection.

Because all BGP speakers within an AS must be fully meshed logically, the IBGP mesh can grow to large proportions and become difficult to manage. You can reduce the number of peers within an AS by creating confederations and route reflectors.

BGP peers exchange complete routing information only after the peer connection is established. Thereafter, BGP peers exchange routing updates. An update message consists of a network number, a list of autonomous systems that the routing information passed through (the AS path), and other path attributes that describe the route to a set of destination networks. When multiple paths are available, BGP compares the path attributes to choose the preferred path. Even when BGP is disabled, all BGP peer connection requests are logged. For more information about update messages, see “BGP updates” (page 37).

Supernet advertisements

BGP has no concept of address classes. Each network listed in the network layer reachability information (NLRI) portion of an update message contains a prefix length field, which describes the length of the mask associated with the network. The prefix length field allows for both supernet and subnet advertisement. The supernet advertisement is what makes classless interdomain routing (CIDR) possible (see “CIDR and aggregate addresses” (page 23)).
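The prefix length field described above, as an added example that is not part of the Nortel document: an encoder and a strict decoder for the IPv4 NLRI field of a BGP UPDATE. It assumes the RFC 4271 layout (one length octet, then only as many prefix octets as that length needs); the function names and the sample prefixes are constructed for illustration.

```python
import ipaddress


def encode_nlri(prefixes):
    """Encode IPv4 prefixes as <length, prefix> tuples (layout assumed from RFC 4271)."""
    out = bytearray()
    for text in prefixes:
        net = ipaddress.IPv4Network(text)
        out.append(net.prefixlen)  # prefix length in bits, one octet
        # Only the octets that carry prefix bits go on the wire.
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
    return bytes(out)


def decode_nlri(data):
    """Decode an NLRI byte string, rejecting malformed entries instead of guessing."""
    prefixes = []
    pos = 0
    while pos < len(data):
        plen = data[pos]
        if plen > 32:
            raise ValueError(f"prefix length {plen} exceeds 32 bits at offset {pos}")
        nbytes = (plen + 7) // 8
        field = data[pos + 1:pos + 1 + nbytes]
        if len(field) != nbytes:
            raise ValueError(f"truncated prefix at offset {pos}")
        # Pad to four octets and clear any bits beyond the prefix length,
        # so stray bits in the last octet cannot change the decoded network.
        addr = int.from_bytes(field.ljust(4, b"\x00"), "big")
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        prefixes.append(f"{ipaddress.IPv4Address(addr & mask)}/{plen}")
        pos += 1 + nbytes
    return prefixes


# Constructed sample: two supernets taken from this chapter's examples and one
# subnet, all carried in the same classless <length, prefix> form.
SAMPLE = ["195.215.0.0/16", "192.32.0.0/21", "10.1.2.128/25"]

if __name__ == "__main__":
    wire = encode_nlri(SAMPLE)
    print(wire.hex())
    print(decode_nlri(wire))
```

A decoder that accepts lengths above 32 or reads past a truncated field misparses every prefix that follows it in the same update, which is why both cases raise here.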

Bandwidth and maintenance reduction

BGP also provides two features that reduce the high bandwidth and maintenance costs associated with a large full-mesh topology:

• Confederations
• Route reflectors

Confederations and route reflectors are discussed in the following sections.

Routing information consolidation

Use the information in this section to help you understand how to reduce the size of routing tables.

Routing information consolidation navigation

• “CIDR and aggregate addresses” (page 23)
• “Aggregate routes” (page 28)
• “Confederations” (page 29)
• “Route reflectors” (page 31)

CIDR and aggregate addresses

Classless interdomain routing (CIDR) is an addressing scheme (also known as supernetting) that eliminates the concept of classifying networks into class types. Earlier addressing schemes identified five classes of networks: Class A, Class B, Class C, Class D, and Class E. Classes D (used for multicast) and E (reserved and currently not used) are not discussed in this book.

For example, network 195.215.0.0, an illegal Class C network number, becomes a legal supernet when it is represented in CIDR notation as 195.215.0.0/16. The /16 is called the prefix length and becomes a way of expressing the explicit mask that CIDR requires. In this case, the addition of the prefix /16 indicates that the subnet mask consists of 16 bits (counting from the left). Using this method, supernet 195.215.0.0/16 represents 195.215.0.0 255.255.0.0 (see Table 1 "CIDR Conversion" (page 24)).

Table 1 CIDR Conversion

Prefix  Dotted-decimal   Binary                                   Network class
/1      128.0.0.0        1000 0000 0000 0000 0000 0000 0000 0000  128 Class A
/2      192.0.0.0        1100 0000 0000 0000 0000 0000 0000 0000  64 Class A
/3      224.0.0.0        1110 0000 0000 0000 0000 0000 0000 0000  32 Class A
/4      240.0.0.0        1111 0000 0000 0000 0000 0000 0000 0000  16 Class A
/5      248.0.0.0        1111 1000 0000 0000 0000 0000 0000 0000  8 Class A
/6      252.0.0.0        1111 1100 0000 0000 0000 0000 0000 0000  4 Class A
/7      254.0.0.0        1111 1110 0000 0000 0000 0000 0000 0000  2 Class A
/8      255.0.0.0        1111 1111 0000 0000 0000 0000 0000 0000  1 Class A or 256 Class B
/9      255.128.0.0      1111 1111 1000 0000 0000 0000 0000 0000  128 Class B
/10     255.192.0.0      1111 1111 1100 0000 0000 0000 0000 0000  64 Class B
/11     255.224.0.0      1111 1111 1110 0000 0000 0000 0000 0000  32 Class B
/12     255.240.0.0      1111 1111 1111 0000 0000 0000 0000 0000  16 Class B
/13     255.248.0.0      1111 1111 1111 1000 0000 0000 0000 0000  8 Class B
/14     255.252.0.0      1111 1111 1111 1100 0000 0000 0000 0000  4 Class B
/15     255.254.0.0      1111 1111 1111 1110 0000 0000 0000 0000  2 Class B
/16     255.255.0.0      1111 1111 1111 1111 0000 0000 0000 0000  1 Class B or 256 Class C
/17     255.255.128.0    1111 1111 1111 1111 1000 0000 0000 0000  128 Class C
/18     255.255.192.0    1111 1111 1111 1111 1100 0000 0000 0000  64 Class C
/19     255.255.224.0    1111 1111 1111 1111 1110 0000 0000 0000  32 Class C
/20     255.255.240.0    1111 1111 1111 1111 1111 0000 0000 0000  16 Class C
/21     255.255.248.0    1111 1111 1111 1111 1111 1000 0000 0000  8 Class C
/22     255.255.252.0    1111 1111 1111 1111 1111 1100 0000 0000  4 Class C
/23     255.255.254.0    1111 1111 1111 1111 1111 1110 0000 0000  2 Class C
/24     255.255.255.0    1111 1111 1111 1111 1111 1111 0000 0000  1 Class C

Use CIDR to assign network prefixes of arbitrary lengths, as opposed to the obsolete class system, which assigned prefixes as even multiples of an octet. For example, you can assign a single routing table supernet entry of 195.215.16/21 to represent 8 separate Class C network numbers: 195.215.16.0 through 195.215.23.0.

Supernet addressing You can create a supernet address that covers any address range. For example, to create a supernet address that covers an address range of 192.32.0.0 to 192.32.9.255:

1. Convert the starting and ending address range from dotted-decimal notation to binary notation (see the following figure).

Nortel Ethernet Routing Switch 8600 Configuration — BGP Services NN46205-510 04.01 21 December 2009 Copyright © 2008-2009 Nortel Networks. All Rights Reserved.

25

26 BGP fundamentals Figure 3 Binary notation conversion

2. Locate the common bits in both ranges. Ensure that the remaining bits in the start range are zeros, and the remaining bits in the end range are all ones.

3. If the remaining bits in the end range are not all ones, you must recalculate to find the IP prefix that has only ones in the remaining bits in the end range.

4. Recalculate to find a network prefix that has all ones in the remaining end range bits (see the following figure). In this example, 192.32.7.255 is the closest IP prefix that matches the start range’s common bits.

Figure 4 First aggregate and prefix length

5. The 21 bits that match the common bits form the prefix length. The prefix length is the number of binary bits that form the explicit mask (in dotted-decimal notation) for this IP prefix.

6. The remaining aggregate is formed from 192.32.8.0 to the end range, 192.32.9.255. As shown in Figure 4 "First aggregate and prefix length" (page 27), the resulting first aggregate 192.32.0.0/21 represents all of the IP prefixes from 192.32.0.0 to 192.32.7.255. The following figure shows the results after forming the remaining aggregate from 192.32.9.0 to the end range, 192.32.9.255. The resulting aggregate 192.32.8.0/23 represents all of the IP prefixes from 192.32.8.0 to 192.32.9.255.

Figure 5 Last aggregate and prefix length

The final result of calculating the supernet address that ranges from 192.32.0.0 to 192.32.9.255 is as follows:

192.32.0.0 (with mask) 255.255.248.0 = 192.32.0.0/21
192.32.8.0 (with mask) 255.255.254.0 = 192.32.8.0/23
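The six-step procedure above, generalized to any inclusive IPv4 range, as an added example (not code from the Nortel guide). The function names are hypothetical; the second function counts the addresses a single over-broad supernet would advertise beyond the range, which is why steps 3 and 4 recalculate instead of widening the prefix.

```python
import ipaddress


def range_to_aggregates(start, end):
    """Cover the inclusive range start..end with the fewest exact CIDR aggregates."""
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError("start of range is above end of range")
    aggregates = []
    while lo <= hi:
        # Steps 1-2: the trailing zero bits of the start address bound the
        # largest block that can begin there (remaining start bits all zero).
        host_bits = (lo & -lo).bit_length() - 1 if lo else 32
        # Steps 3-4: shrink the block until its all-ones end address does not
        # run past the end of the range.
        while host_bits and lo + (1 << host_bits) - 1 > hi:
            host_bits -= 1
        # Step 5: the bits that are left form the prefix length.
        aggregates.append(ipaddress.IPv4Network((lo, 32 - host_bits)))
        # Step 6: continue with the remainder of the range.
        lo += 1 << host_bits
    return aggregates


def addresses_outside_range(start, end, supernet):
    """Count addresses a candidate supernet would advertise beyond start..end."""
    net = ipaddress.IPv4Network(supernet)
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    first, last = int(net.network_address), int(net.broadcast_address)
    covered_in_range = max(0, min(hi, last) - max(lo, first) + 1)
    return net.num_addresses - covered_in_range


if __name__ == "__main__":
    # The range worked through in the text
    for net in range_to_aggregates("192.32.0.0", "192.32.9.255"):
        print(net, net.netmask)
    # A single /20 would also cover 192.32.10.0 through 192.32.15.255
    print(addresses_outside_range("192.32.0.0", "192.32.9.255", "192.32.0.0/20"))
```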

Aggregate routes

Eliminating the idea of network classes provides an easy method to aggregate routes. Rather than advertise a separate route for each destination network in a supernet, BGP uses a supernet address to advertise a single route (called an aggregate route) that represents all the destinations. CIDR also reduces the size of the routing tables used to store advertised IP routes. The following figure shows an example of route aggregation using CIDR. In this example, a single supernet address 195.215.0.0/16 is used to advertise 256 separate Class C network numbers 195.215.0.0 through 195.215.255.0.

Figure 6 Aggregating routes with CIDR

Confederations

A BGP router configured for IBGP establishes a peer-to-peer session with every other IBGP speaker in the AS. In an AS with a large number of IBGP speakers, this full-mesh topology can result in high bandwidth and maintenance costs. As shown in the following example, a full-mesh topology for an AS with 50 IBGP speakers requires 1225 internal peer-to-peer connections:

Example:
n x (n-1)/2 = number of unique IBGP sessions, where n is the number of IBGP speakers
50 x (50-1)/2 = 1225

You can reduce the high bandwidth and maintenance costs associated with a large full-mesh topology by dividing the AS into multiple smaller ASs (sub-ASs), and then grouping them into a single confederation (see the following figure).

Figure 7 Confederations

As shown in this figure, each sub-AS is fully meshed within itself and has EBGP sessions with other sub-ASs that are in the same confederation. Although the peers that are located in different ASs have EBGP sessions with the various sub-AS peers, they preserve the next-hop, MED, and local preference information and exchange routing updates as if they were IBGP peers. This method allows all of the ASs to retain a single interior gateway protocol (IGP). When the confederation is assigned its own confederation identifier, the group of sub-ASs appears as a single AS (with the confederation identifier as the AS number).

Route reflectors

Another way to reduce the IBGP mesh inherent in an AS with a large number of IBGP speakers is to configure a route reflector (RR). Using this method, when an IBGP speaker needs to communicate with other BGP speakers in the AS, the speaker establishes a single peer-to-peer RR client session with the IBGP route reflector. In an AS, there can be more than one route reflector cluster. There can also be more than one route reflector in a cluster. When there is more than one reflector in a cluster, special care must be taken to prevent route loops.

The following figure shows a simple IBGP configuration with three IBGP speakers (Routers A, B, and C). Without route reflectors configured, when Router A receives an advertised route from an external neighbor, it must advertise the route to Routers B and C.

Figure 8 Fully meshed AS with IBGP speakers

Routers B and C do not readvertise the IBGP learned routes to other IBGP speakers (BGP does not allow routers to pass routes learned from internal neighbors on to other internal neighbors, thus avoiding routing information loops).

As shown in the following figure, when you configure an internal BGP peer (Router B) as a route reflector, the IBGP speakers are not required to be fully meshed. In this case, the assigned route reflector assumes the responsibility for passing IBGP learned routes to a set of IBGP neighbors.

Figure 9 AS with route reflector

When Router B (the route reflector) receives routes advertised from Router A (the IBGP speaker) it advertises them to Router C. Conversely, when the route reflector receives routes from internal peers, it advertises those routes to Router A. IBGP sessions are not required between Routers A and C.

Route reflectors separate internal peers into two groups: client peers and nonclient peers. The route reflector and its clients form a cluster. The client peers in the cluster are not required to be fully meshed, and do not communicate with IBGP speakers outside their cluster. Nonclient peers must be fully meshed with each other. This concept is shown in the following figure, where Router A is shown as the route reflector in a cluster with client Routers B, C, and D. Routers E, F, and G are fully meshed, nonclient routers.

Figure 10 Route reflector with client and nonclient peers

Confederation and route reflector considerations

In the case of route reflectors and confederations, you must enable the next-hop-self parameter on the internal peers. The next-hop-self parameter changes the next hop of external routes to the address of the router that transferred them from eBGP to iBGP. This guarantees that the route is installed in the routing table manager (RTM): the RTM does not install a route whose next hop is not reachable, and with next-hop-self enabled the next hop is reachable. This also makes the routing simpler. It helps security as well, because you can monitor the outgoing routes from a single place.

BGP communities

You can group destinations into communities to simplify policy administration. A community is a group of destinations that share a common administrative property.

Use a community to control routing policies with respect to destinations. It is common practice to create communities when you have more than one destination and want to share a common attribute. The following are specific community types:

• Internet—advertise this route to the Internet community
• No Advertise—do not advertise to any BGP peer including IBGP peers
• No Export—do not advertise any destinations outside of a BGP confederation
• No Export SubConfed—do not advertise to external BGP peers, even within the same confederation.

You can use a community to control which routing information to accept, prefer, or distribute to other BGP neighbors. If you specify the append option in the route policy, the specified community value is added to the existing value of the community attribute. Otherwise, the specified community value replaces any community value that was previously set.

BGP path attributes

You can create policies that control routes, work with default routing, control specific and aggregated routes, and manipulate BGP path attributes. There are four categories of BGP path attributes:

• Well-known mandatory attributes must be included in every BGP update message.
• Well-known discretionary attributes may or may not be sent in a particular BGP update message.
• Optional transitive attributes are accepted and passed to other BGP peers.
• Optional non-transitive attributes can be either accepted or ignored, but must not be passed along to other BGP peers.

Path attributes are used by border routers that utilize built-in algorithms or manually configured policies to select paths. BGP uses the following path attributes to control the path a BGP router chooses:

• Origin (well-known mandatory)
• AS_path (well-known mandatory)
• Next Hop (well-known mandatory)
• Multi-Exit Discriminator Attribute (optional non-transitive)
• Local Preference (well-known discretionary)
• Atomic Aggregate (well-known discretionary)
• Aggregator (optional transitive)
• Community (optional transitive)

These are further discussed in the following section. For information about configuring route policies to manipulate path attributes, see Border Gateway Protocol (BGP-4) Technical Configuration Guide (NN48500-538).

BGP route selection

One of the most important responsibilities a BGP router performs is determining the best path to a given destination network. This path is then eligible for use in the router’s IP forwarding table and is also advertised to its external BGP (EBGP) peers.

When choosing the best of multiple BGP routes to a given destination, the router executes a best path algorithm. For more details and examples about the algorithm, see the Lab Note BGP Best Path Selection Process on the Passport 8600, available at http://navigate.us.nortel.com/imds?pg=/eng/cse/labnotes/pp8600.

The algorithm chooses a route in the following order:

• highest weight
  Weight is a locally significant parameter and is associated with each BGP peer. You can use the weight to influence which peer paths the router uses.

• highest local preference
  The Local Preference has global significance within an AS. The preference is commonly manipulated using route policies to influence path selection.

• prefer locally originated paths
  The path that was locally originated using the network, redistribution, or aggregate command is preferred over a path that was learned through a BGP Update. Local paths sourced by network or redistribute commands are preferred over local aggregates sourced by the aggregate address command.

• shortest AS Path
  The AS Path parameter specifies the ASs that the network prefix has traversed. The AS Path is commonly used to determine the best path. For example, a router can choose a path based on whether the network passed through a given AS. A route policy can be configured to match the AS and modify the Local Preference. Also, the AS Path can be padded before it is advertised to a peer AS, so that the advertised network path is less likely to be preferred by downstream routers.

• lowest origin type
  The origin type can be used to prefer a route. The order of preference is IGP, EGP, INC (incomplete).

• lowest Multi-Exit Discriminator (MED)
  The MED parameter influences the preferred path from a remote AS to the advertising AS. This parameter applies when there are multiple exit points from the remote AS to the advertising AS. A lower MED value indicates a stronger path preference than a higher MED value. By default, the MED attribute is ignored as specified by the BGP global parameter Always Compare MED. This parameter must be enabled for MEDs to be compared (and for this step of the best path algorithm to execute). The router compares MEDs regardless of the first (neighboring) AS specified in the AS_PATH. Deterministic MED, when enabled, means that the first AS of the multiple paths must be the same. Paths received with no MED are assigned a MED of 0, unless the global BGP parameter Missing Is Worst is enabled. If so, received paths are assigned a MED of 4 294 967 294. Missing Is Worst is enabled by default. The router changes paths received with a MED of 4 294 967 295 to 4 294 967 294 before insertion into the BGP table. If the BGP global parameter Best Path MED Confed is enabled, MEDs are compared for all paths that consist only of AS_CONFED_SEQUENCE (paths originated within the local confederation). This parameter is disabled by default.

• lowest IGP metric to the BGP next-hop
  If there are multiple paths whose BGP next-hop is reachable through an IGP, the path with the lowest IGP metric to the BGP next-hop is chosen.

• prefer External paths (learned via EBGP) over Internal paths (IBGP)
  External paths are preferred over Internal paths.

• if ECMP is enabled, insert up to four paths in the routing table
  If the IP global parameter Equal Cost Multi-Path (ECMP) is enabled, then multiple BGP learned routes that have the same metric to different IP next-hops are installed in the IP forwarding table for traffic load-balancing purposes.

• lowest Router ID
  The lowest Router ID, or Circuitless IP (CLIP) address, is preferred.
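The selection order above expressed as a comparison key, as an added example (a model of the listed steps, not the switch's implementation). The Path fields, the default weight and local preference, and the sample peers are constructed; the ECMP step, Deterministic MED and Best Path MED Confed are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

MED_WORST = 4_294_967_294          # MED the text gives for Missing Is Worst
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INC": 2}
# Local paths from network/redistribute beat local aggregates, which beat
# paths learned through a BGP Update ("" here).
LOCAL_RANK = {"network": 0, "redistribute": 0, "aggregate": 1, "": 2}

STEPS = (
    "highest weight", "highest local preference",
    "prefer locally originated paths", "shortest AS Path",
    "lowest origin type", "lowest MED",
    "lowest IGP metric to the BGP next-hop", "prefer External paths",
    "lowest Router ID",
)


@dataclass(frozen=True)
class Path:
    name: str
    router_id: str
    weight: int = 0                # constructed default, not from the guide
    local_pref: int = 100          # constructed default, not from the guide
    local_source: str = ""
    as_path: Tuple[int, ...] = ()
    origin: str = "IGP"
    med: Optional[int] = None      # None means the path arrived with no MED
    igp_metric: int = 0
    external: bool = True


def effective_med(path, missing_is_worst=True):
    if path.med is None:
        return MED_WORST if missing_is_worst else 0
    return min(path.med, MED_WORST)   # 4294967295 is stored as 4294967294


def rank(path, always_compare_med=False, missing_is_worst=True):
    """One tuple element per entry in STEPS; the smaller tuple is the better path."""
    # With Always Compare MED disabled the MED step does not execute.
    med = effective_med(path, missing_is_worst) if always_compare_med else 0
    return (
        -path.weight, -path.local_pref, LOCAL_RANK[path.local_source],
        len(path.as_path), ORIGIN_RANK[path.origin], med, path.igp_metric,
        0 if path.external else 1, int(ipaddress.IPv4Address(path.router_id)),
    )


def best_path(paths, **options):
    return min(paths, key=lambda p: rank(p, **options))


def deciding_step(a, b, **options):
    """Name the first step at which two paths differ, or None for a full tie."""
    for step, x, y in zip(STEPS, rank(a, **options), rank(b, **options)):
        if x != y:
            return step
    return None


# Constructed sample: two EBGP-learned paths to the same prefix.
PEER_A = Path("peer-A", "10.0.0.1", as_path=(64501, 64510))          # no MED
PEER_B = Path("peer-B", "10.0.0.2", as_path=(64502, 64510), med=50)

if __name__ == "__main__":
    for opts in ({}, {"always_compare_med": True},
                 {"always_compare_med": True, "missing_is_worst": False}):
        winner = best_path([PEER_A, PEER_B], **opts)
        print(opts, winner.name, deciding_step(PEER_A, PEER_B, **opts))
```

The same two paths produce a different winner under each of the three option sets, which is worth checking before changing either MED parameter on a production peer.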

BGP and dampened routes

The Ethernet Routing Switch 8600 supports route dampening (route suppression). When route dampening is used, a route accumulates penalties each time the route fails. When the accumulated penalties exceed a threshold, the route is no longer advertised. Suppressed routes are re-entered into the routing table only after the accumulated penalty falls below the reuse threshold.

Route flap dampening suppresses the advertisement of the unstable route until the route becomes stable. Dampening is applied only to routes that are learned through EBGP. Route flap dampening prevents routing loops and protects IBGP peers from having higher penalties for routes that are external to the AS.

The following is a description of the algorithm that is used to control route flaps.

When the route flaps the first time:

• A route history entry is created.
• A timer is started (180 seconds). If the route does not flap again, this timer is used to delete the history entry after the set time of 180 seconds.

When the route flaps a second time:

• The penalty is recalculated based on the decay function. If the penalty is greater than the cut-off value (1536), the route is suppressed and the reuse time is calculated based on the reuse time function.
• The reuse timer starts. When the reuse time expires, the suppressed route is announced again (the reuse time is recalculated if the route flaps again).

The penalty decays slower for withdrawn routes than for update routes. The route history entry is kept longer if the route is withdrawn. For update history, the delete time is 90 seconds and the withdrawn history delete time is 180 seconds.
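A simulation of the flap sequence above, as an added example (not the switch's code). Only the cut-off of 1536 and the 180-second history timer come from the text; the exponential half-life decay, the per-flap penalty, the reuse threshold, and the rule that history is deleted only while the route is not suppressed are assumptions passed in or marked in comments.

```python
import math

CUTOFF = 1536          # suppress threshold stated in the text
HISTORY_DELETE = 180   # seconds; history timer stated in the text


def decay(penalty, elapsed, half_life):
    """Assumed decay function: the penalty halves every half_life seconds."""
    return penalty * 2 ** (-elapsed / half_life)


def reuse_delay(penalty, reuse_threshold, half_life):
    """Seconds until a decaying penalty falls to the reuse threshold."""
    if penalty <= reuse_threshold:
        return 0.0
    return half_life * math.log2(penalty / reuse_threshold)


def simulate(flap_times, per_flap, reuse_threshold, half_life):
    """Return one record per flap with the penalty and suppression state."""
    records, penalty, last, reuse_at = [], 0.0, None, None
    for t in sorted(flap_times):
        suppressed = reuse_at is not None and t < reuse_at
        if last is not None:
            if not suppressed and t - last > HISTORY_DELETE:
                penalty = 0.0          # history entry was deleted; start over
            else:
                penalty = decay(penalty, t - last, half_life)
        penalty += per_flap
        last = t
        if penalty > CUTOFF or suppressed:
            # Suppress (or stay suppressed) and recalculate the reuse time.
            reuse_at = t + reuse_delay(penalty, reuse_threshold, half_life)
        else:
            reuse_at = None
        records.append({"time": t, "penalty": penalty,
                        "suppressed": reuse_at is not None, "reuse_at": reuse_at})
    return records


if __name__ == "__main__":
    # Constructed parameters: 1000 per flap, reuse at 750, 900 s half-life.
    for rec in simulate([0, 60, 120], 1000, 750, 900):
        print(rec)
```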

BGP updates

BGP uses update messages to communicate information between two BGP speakers. The update message can be used to advertise a single feasible route to a peer, or to withdraw multiple unfeasible routes from service. The following figure shows the format of an update message.

Figure 11 Update message format

This section describes how BGP uses the update message fields to communicate information between BGP speakers.

BGP updates navigation

• Withdrawn Routes Length
• Withdrawn Routes
• Total Path Attributes Length
• Path Attributes
• Network Layer Reachability Information

Withdrawn Routes Length

The Withdrawn Routes Length parameter (referred to in RFC 1771 as the Unfeasible Routes Length field) indicates the total length of the Withdrawn Routes field in octets. The Withdrawn Routes Length field is used to calculate the length of the Network Layer Reachability Information field. For example, a value of 0 indicates that no routes are being withdrawn from service, and that the Withdrawn Routes field is not present in this Update message.

Withdrawn Routes

The Withdrawn Routes parameter is a variable-length parameter that contains a list of IP prefixes for routes that are being withdrawn from service. The following figure shows the format of an IP prefix.

Figure 12 IP Prefix format

The Length indicates the number of bits in the prefix (also called the network mask). For example, 195.215.0.0/16 is equivalent to 195.215.0.0 255.255.0.0 (where: the network mask 255.255.0.0 is represented by the /16 which indicates the number of bits in the Length parameter). The Prefix parameter contains the IP address prefix itself, followed by enough trailing bits to make the length of the whole field an integer multiple of 8 bits (1 octet).

Total Path Attributes Length

The Total Path Attributes Length parameter indicates the total length of the Path Attributes parameter in octets. The Total Path Attributes Length is used to calculate the length of the Network Layer Reachability Information parameter. For example, a value of 0 indicates that no Network Layer Reachability Information field is present in this update message.

Path Attributes

The Path Attributes parameter is a variable-length sequence of path attributes that is present in every BGP Update. The path attributes contain BGP attributes that are associated with the prefixes in the Network Layer Reachability Information parameter. For example, the attribute values allow you to specify the prefixes that can be exchanged in the BGP session, or which of the multiple paths of a specified prefix to use. The attributes carry the following information about the associated prefixes:

• the path origin
• the AS paths through which the prefix is advertised
• the metrics that display degrees of preference for this prefix

The following figure shows the encoding used with the Path Attribute parameter. The fields are described in the sections that follow.

Figure 13 Path attribute encoding

Attribute Type

As shown in the following figure, the Attribute Type is a two-octet field that comprises two sub-fields: Attribute Flags and Attribute Type Code.

Figure 14 Attribute Type fields

Attribute Flags

The Attribute Flags parameter is a bit string that contains four binary values that describe the attribute, and four bits that are unused. The bit descriptions (from the high-order bit to the low-order bit) are:

• The high-order bit (bit 0) is the Optional bit. When set (1) the attribute is optional. When this bit is clear (0), the attribute is well-known. Well-known attributes must be recognized by all BGP implementations and, when appropriate, passed on to BGP peers. Optional attributes are not required to be present in all BGP implementations.

• The second high-order bit (bit 1) is the Transitive bit. For well-known attributes, this bit must be set to 1. For optional attributes, it defines whether the attribute is transitive (when set to 1) or non-transitive (when set to 0).

• The third high-order bit (bit 2) is the Partial bit. It defines whether the information contained in the optional transitive attribute is partial (when set to 1) or complete (when set to 0). For well-known attributes and for optional non-transitive attributes the Partial bit must be set to 0.

• The fourth high-order bit (bit 3) is the Extended Length bit. It defines whether the Attribute Length is one octet (when set to 0) or two octets (when set to 1). Extended Length may be used only if the length of the attribute value is greater than 255 octets.

  — If the Extended Length bit of the Attribute Flags octet is set to 0, the third octet of the Path Attribute contains the length of the attribute data in octets.

  — If the Extended Length bit of the Attribute Flags octet is set to 1, then the third and the fourth octets of the path attribute contain the length of the attribute data in octets.

• The lower-order four bits of the Attribute Flags octet are unused. They must be zero (and must be ignored when received).

Attribute Type Code

The Attribute Type Code parameter contains the attribute type code, as defined by the Internet Assigned Numbers Authority (IANA). The Attribute Type Code is used to uniquely identify the attribute from all others. The remaining octets of the Path Attribute represent the attribute value and are interpreted according to the Attribute Flags and the Attribute Type Code parameters. The supported Attribute Type Codes are shown in the following table.

Table 2 BGP mandatory path attributes

Attribute | Type code | Description
Origin | 1 | Defines the origin of the path information. Value = 0: IGP (the path is valid all the way to the IGP of the originating AS). Value = 1: EGP (the path was advertised using an EGP by the last AS in the AS path). Value = 2: Incomplete (the path is valid only to the last AS in the AS path).
AS path | 2 | Contains a list of the ASs that must be traversed to reach the given destinations. Each AS path segment is represented as follows: Path segment type, Path segment length, Path segment value.
Next hop | 3 | Specifies the IP address of the border router to use as a next hop for the advertised destinations (destinations listed in the NLRI field of the Update message).
Multiexit discriminator | 4 | This attribute is used on external (inter-AS) links to discriminate among multiple exit or entry points to the same neighboring AS.
Local preference | 5 | Indicates the preference that AS border routers assign to a chosen route when advertising it to IBGP peers.
Atomic aggregate | 6 | Ensures that certain network layer reachability information (NLRI) is not deaggregated.
Aggregator | 7 | Identifies which AS performed the most recent route aggregation. This attribute contains the last AS number that formed the aggregate route followed by the IP address of the BGP speaker that formed the aggregate route.

Attribute Length

The Attribute Length can be one or two octets in length, depending on the value of the Extended Length parameter in the Attributes Flag field. This parameter indicates the length of the Attribute Value field.

Attribute Value

The Attribute Value contains the actual value of the specific attribute and is implemented according to the values in the Attribute Flags and the Attribute Type Code parameters.

Network Layer Reachability Information

The Network Layer Reachability Information parameter is a variable length field that contains a list of prefixes. The number of prefixes in the list is limited only by the packet size that can be sent between BGP speakers.
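A parser for the Update fields described in this section, as an added example (not Nortel code). It takes the message starting at the Withdrawn Routes Length field, bounds-checks every length before reading, and reports attribute flags that break the rules listed under Attribute Flags; the function names and the sample bytes are constructed.

```python
import ipaddress
import struct

OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Type codes from Table 2 with the (optional, transitive) category the text lists.
KNOWN = {
    1: ("Origin", False, True),
    2: ("AS path", False, True),
    3: ("Next hop", False, True),
    4: ("Multiexit discriminator", True, False),
    5: ("Local preference", False, True),
    6: ("Atomic aggregate", False, True),
    7: ("Aggregator", True, True),
}


def parse_prefixes(buf):
    """Decode a run of <Length, Prefix> pairs (Withdrawn Routes or NLRI)."""
    out, i = [], 0
    while i < len(buf):
        bits = buf[i]
        nbytes = (bits + 7) // 8          # prefix is padded to a whole octet
        if bits > 32 or i + 1 + nbytes > len(buf):
            raise ValueError(f"bad prefix at offset {i}")
        raw = buf[i + 1:i + 1 + nbytes] + bytes(4 - nbytes)
        # strict=False masks the trailing pad bits, whose value is irrelevant
        net = ipaddress.IPv4Network((int.from_bytes(raw, "big"), bits), strict=False)
        out.append(str(net))
        i += 1 + nbytes
    return out


def flag_problems(flags, code, length):
    optional, transitive = bool(flags & OPTIONAL), bool(flags & TRANSITIVE)
    problems = []
    if not optional and not transitive:
        problems.append("well-known attribute with Transitive bit clear")
    if flags & PARTIAL and not (optional and transitive):
        problems.append("Partial bit set on an attribute that is not optional transitive")
    if flags & EXT_LEN and length <= 255:
        problems.append("Extended Length used for a value of 255 octets or fewer")
    if code in KNOWN and KNOWN[code][1:] != (optional, transitive):
        problems.append(f"flags do not match the category of {KNOWN[code][0]}")
    return problems


def parse_attributes(buf):
    attrs, i = [], 0
    while i < len(buf):
        if i + 3 > len(buf):
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        if flags & EXT_LEN:               # length is in the third and fourth octets
            if i + 4 > len(buf):
                raise ValueError("truncated extended length")
            length, header = struct.unpack_from("!H", buf, i + 2)[0], 4
        else:                             # length is in the third octet only
            length, header = buf[i + 2], 3
        value = buf[i + header:i + header + length]
        if len(value) != length:
            raise ValueError(f"attribute {code} overruns the Path Attributes field")
        attrs.append({"code": code, "name": KNOWN.get(code, ("unknown",))[0],
                      "value": value, "problems": flag_problems(flags, code, length)})
        i += header + length
    return attrs


def parse_update_body(body):
    """Parse an Update starting at the Withdrawn Routes Length field."""
    if len(body) < 4:
        raise ValueError("Update shorter than its two length fields")
    wlen = struct.unpack_from("!H", body, 0)[0]
    if 2 + wlen + 2 > len(body):
        raise ValueError("Withdrawn Routes Length overruns the message")
    alen = struct.unpack_from("!H", body, 2 + wlen)[0]
    attr_start = 4 + wlen
    if attr_start + alen > len(body):
        raise ValueError("Total Path Attributes Length overruns the message")
    return {
        "withdrawn": parse_prefixes(body[2:2 + wlen]),
        "attributes": parse_attributes(body[attr_start:attr_start + alen]),
        # NLRI has no length field: it is whatever remains after the attributes
        "nlri": parse_prefixes(body[attr_start + alen:]),
    }


# Constructed sample Update (not a capture)
SAMPLE = bytes.fromhex(
    "0004" "17c02008"                     # withdraw 192.32.8.0/23
    "0019"                                # 25 octets of path attributes
    "40010100" "4002040201fc00"           # Origin = IGP, AS path
    "400304c3270101" "80040400000032"     # Next hop 195.39.1.1, MED 50
    "10c3d7"                              # NLRI 195.215.0.0/16
)
```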

Equal-cost multipath

Equal-cost Multipath (ECMP) support allows a BGP speaker to perform route or traffic balancing within an AS by using multiple equal-cost routes submitted to the routing table by OSPF, RIP, or static routes. For more information about ECMP, see Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523).

MD5 message authentication

Authenticate BGP messages by using Message Digest 5 (MD5) signatures. When you enable BGP authentication, the BGP speaker verifies that the BGP messages it receives from its peers are actually from a peer and not from a third party masquerading as a peer. BGPv4 TCP MD5 message authentication provides the following features:

• A TCP MD5 signature can exist for BGP peers. You can configure authentication and secret keys for each peer. Peers configured with common secret keys can authenticate each other and exchange routing information.

• The switch can concurrently have some BGP peers configured with authentication enabled and other BGP peers with authentication disabled.

• The secret keys are always stored encrypted.

When you enable BGPv4 TCP MD5 authentication, the router computes an MD5 signature for each TCP packet based on the TCP packet and a per-peer secret key. The router adds this MD5 signature to the TCP packet containing a BGP message and sends it with the packet, but it does not send the secret key. The receiver of the TCP packet also knows the secret key and can verify the MD5 signature. A third party trying to masquerade as the sender, however, cannot generate an authentic signature because it does not know the secret key. In the CLI commands, the term Password refers to the secret key. The secret keys provide security. If the keys are compromised, then the authentication itself is compromised. To prevent this, the secret keys are stored in encrypted form on the switch.

MD5 signature generation

BGP peers calculate MD5 signatures in BGP messages based on the following elements:

• TCP pseudo-header
• TCP header, excluding options
• TCP segment data
• TCP MD5 authentication key

If TCP receives an MD5 authentication key, it reduces its maximum segment size (MSS) by 18 octets, which is the length of the TCP MD5 option. It also adds an MD5 signature to each transmitted packet. The peer inserts the resulting 16-byte MD5 signature into the following TCP options: kind=19, length=18.

MD5 signature verification

As shown in the following table, after the switch receives a packet, it performs three tests. The following table lists the tests and the event message that TCP logs if a test fails.

Table 3 MD5 signature verification rules on BGP TCP packets

Condition tested | Action on success | Failure event message
Is the connection configured for MD5 authentication? | Verify that the packet contains a kind=19 option. | TCP MD5 No Signature
Is MD5 authentication enabled for this TCP connection? | TCP computes the expected MD5 signature. | TCP MD5 Authentication Disabled
Does the computed MD5 signature match the received MD5 signature? | TCP sends the packet to BGP. | TCP MD5 Invalid Signature

• If a packet passes a test, it proceeds to the next test. When a packet has passed all three tests, TCP accepts the packet and sends it to BGP.

• If a packet fails a test, the switch logs an event, increments the count of TCP connection errors (wfTcpConnMd5Errors), and discards the packet. The TCP connection remains open.
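Signature generation over the four listed elements and the three receive-side tests, as an added example (not the switch's TCP code). The function names, addresses, ports and key are constructed, the header checksum is left at zero, and the pairing of each failure message with a condition is this example's reading of Table 3.

```python
import hashlib
import hmac
import socket
import struct

MD5_KIND, MD5_OPTION_LEN = 19, 18      # TCP option kind and length from the text


def md5_signature(src_ip, dst_ip, tcp_header, data, key):
    """MD5 over pseudo-header, TCP header without options, segment data, key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP,
                            len(tcp_header) + len(data)))
    fixed = bytearray(tcp_header[:20])   # options start after the 20-octet header
    fixed[16:18] = b"\x00\x00"           # RFC 2385 treats the checksum as zero
    return hashlib.md5(pseudo + bytes(fixed) + data + key).digest()


def find_signature(tcp_header):
    """Return the 16-octet signature from a kind=19 option, or None."""
    options = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                    # end of option list
            break
        if kind == 1:                    # no-operation padding
            i += 1
            continue
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                        # malformed option: stop parsing
        if kind == MD5_KIND and length == MD5_OPTION_LEN:
            return options[i + 2:i + length]
        i += length
    return None


def check_segment(src_ip, dst_ip, tcp_header, data, key):
    """Apply the three tests; return None to accept or the failure event message.

    key is None when MD5 authentication is not enabled for the peer.
    """
    received = find_signature(tcp_header)
    if key is not None and received is None:
        return "TCP MD5 No Signature"
    if key is None:
        return "TCP MD5 Authentication Disabled" if received is not None else None
    expected = md5_signature(src_ip, dst_ip, tcp_header, data, key)
    if not hmac.compare_digest(expected, received):   # constant-time comparison
        return "TCP MD5 Invalid Signature"
    return None


def build_header(src_ip, dst_ip, data, key=None, sport=179, dport=40000):
    """Build a constructed TCP header, signed when a key is supplied."""
    option_len = 20 if key is not None else 0          # 18-octet option + 2 pad
    base = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000,
                       ((20 + option_len) // 4) << 4, 0x18, 16384, 0, 0)
    if key is None:
        return base
    unsigned = base + bytes([MD5_KIND, MD5_OPTION_LEN]) + bytes(16) + b"\x00\x00"
    signature = md5_signature(src_ip, dst_ip, unsigned, data, key)
    return base + bytes([MD5_KIND, MD5_OPTION_LEN]) + signature + b"\x00\x00"


if __name__ == "__main__":
    src, dst, key = "195.39.1.1", "195.39.1.2", b"example-key"   # constructed
    header = build_header(src, dst, b"update", key)
    print(check_segment(src, dst, header, b"update", key))        # accepted
    print(check_segment(src, dst, header, b"update", b"other"))   # wrong key
```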

BGP and route redistribution

Redistribution imports routes from one protocol to another. Redistribution sends route updates for a protocol-based route through another protocol. For example, if OSPF routes exist in a router and they must be sent through a BGP network, then configure redistribution of OSPF routes through BGP. This sends OSPF routes to a router that uses BGP. Routes can be redistributed:

• on a global basis between protocols on a single VRF instance (intraVRF)
• between the same or different protocols on different VRF instances (interVRF)

Configure the route policy with the match parameter set to the protocol from which routes should be learned. For example, to redistribute OSPF routes to BGP, apply the following route policy:

config ip route-policy bgp_pol seq 1 create
config ip route-policy bgp_pol seq 1 enable
config ip route-policy bgp_pol seq 1 action permit
config ip route-policy bgp_pol seq 1 match-protocol ospf

You can also use the config ip bgp redistribute command to accomplish the (intraVRF) redistribution of routes through BGP, so that BGP redistribution occurs globally on all BGP-enabled interfaces. This redistribution does not require a route policy, but one can be used for more control.

You can redistribute routes from a protocol in one VRF to BGP in another VRF using the config ip bgp redistribute [vrf-src ] commands. You can use a route policy for redistribution control. If you enable route redistribution between VRF instances, ensure that IP addresses do not overlap.

Use caution when configuring redistribution. An improperly configured parameter could cause learned EBGP routes to be advertised out of your local AS. If this happens, other networks could be routed through your local AS. You should not use redistribution if you are peering to an Internet Service Provider (ISP) and do not wish to have traffic transit your local AS.

When you redistribute OSPF routes into BGP, route priorities can create routing loops. Because BGP has a higher route preference than OSPF External type 1 and 2 routes, if you redistribute OSPF External type 1 and 2 routes into BGP, the BGP routes are used and could cause a routing loop.

The Ethernet Routing Switch 8600 supports route redistribution between BGP, RIP, OSPF, and between direct and static routes. For more information about RIP and OSPF route redistribution, and about route redistribution using the IP, Policy, Route Redistribution tab, see Nortel Ethernet Routing Switch 8600 Configuration — OSPF and RIP (NN46205-522) and Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523). See “Configuring redistribution to BGP for VRF 0” (page 79).

Circuitless IP

Circuitless IP (CLIP) is a virtual (or loop back) interface that is not associated with a physical port. You can use a CLIP interface to provide uninterrupted connectivity to your switch as long as there is an actual path to reach the device. For example, as shown in the following figure, a physical point-to-point link exists between R1 and R2 along with the associated addresses (195.39.1.1/30 and 195.39.1.2/30). Note also that an IBGP session exists between two additional addresses 195.39.128.1/32 (CLIP 1) and 195.39.128.2/32 (CLIP 2).

Figure 15 Routers with I-BGP connections

The CLIP interface is treated as any other IP interface. The network associated with the CLIP is treated as a local network attached to the device. This route always exists and the circuit is always up because there is no physical attachment. Routes are advertised to other routers in the domain either as external routes using the route-redistribution process or when you enable OSPF in a passive mode to advertise an OSPF internal route. You can configure the OSPF protocol only on the CLIP interface.

When you create a CLIP interface, the system software programs a local route with the CPU as destID. All packets that are destined to the CLIP interface address are processed by the CPU. Any other packets with destination addresses associated with this network (but not to the interface address) are treated as if they are from any unknown host.

A circuitless IP or CLIP (that is, loopback IP address) is a logical IP address that is used for network management, as well as other purposes. It is typically configured as a host address (with a 32-bit subnet mask). Nortel recommends that the OSPF Router ID be set to the configured circuitless IP address. By default, the BGP Router ID is automatically equivalent to the OSPF Router ID. For information about configuring CLIP interfaces, see Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523).

BGP and IP VPN

IP VPN is used to provide Virtual Private Networks (VPNs) using the Ethernet Routing Switch 8600 platform. There are three major components used to implement IP VPN on the Ethernet Routing Switch 8600: MultiProtocol Label Switching (MPLS), Virtual Router Forwarding Lite (VRF Lite), and Multiprotocol Internal Border Gateway Protocol (MP-iBGP).

RFC 4364 defines BGP extensions to distribute the VPN/VRF routing information using the control plane, and defines MPLS for packet transportation. Multiple VPN sites can be connected using IP VPN in enterprise or carrier-managed networks. To enable an RFC 4364 VPN network, four major network components are required: the VPN site, the Customer Edge (CE) router, the Provider Edge (PE) router, and the Provider (P) core router (see the following figure).

Figure 16 IP VPN network

A CE device resides in a VPN site and connects to a PE router. The CE allows the VPN site access to remote VPN sites that belong to the same VPN.

A PE router attaches to one or more CE devices and peers using IBGP with at least one other PE node. A PE node provides remote access to other VPNs that are locally supported by a PE, and keeps track of all VPN routing information which it learns both locally and remotely. It also acts as Label Edge Router (LER), which terminates an LSP tunnel used to forward traffic to other PE nodes.

A P router provides IGP connectivity between PE nodes. It is not connected to any CE device and has no knowledge of VPN routes.

PE routers use BGP to distribute VPN routes to each other. Each VPN can have its own address space. This means that the same address can be used in any number of VPNs, where in each VPN, the address denotes a different system. If two sites of a VPN attach to PE routers in the same AS, the PE routers can distribute VPN-IPv4 routes to each other by means of an IBGP connection between them. Alternatively, each can have an IBGP connection to a route reflector.

For information about IP VPN, and BGP configuration for IP VPN, see Nortel Ethernet Routing Switch 8600 Configuration — IP VPN (NN46205-520). For information about MPLS, see Nortel Ethernet Routing Switch 8600 Configuration — MPLS Services (NN46205-519).

BGP IP VPN parameters

Several BGP parameters are required to support IP VPN. These are briefly described in the following sections. For more information, see Nortel Ethernet Routing Switch 8600 Configuration — IP VPN (NN46205-520).

IP VPN requires the Premier Routing License. For information about licensing, see Nortel Ethernet Routing Switch 8600 Administration (NN46205-605).

BGP IP VPN parameters navigation

• “Site of origin”
• “Route distinguishers”
• “Route targets”
• “Route refresh”

Site of origin

The site of origin uniquely identifies the site from which the PE router learned the route. All routes learned from a particular site must be assigned the same Site of Origin, even if a site is multiply-connected to a single PE, or is connected to multiple PEs. Different Site of Origin parameters must be used for distinct sites.

The site of origin parameter can be used to prevent routing loops. In some cases, this parameter can be used to ensure that a route learned from a particular site through a particular PE/CE connection is not distributed back to the site through a different PE/CE connection. It is particularly useful if BGP is used as the PE/CE protocol, but different sites have not been assigned distinct AS numbers.

Route distinguishers

Route distinguishers (RD) are part of the mechanism that converts non-unique IP addresses into globally unique addresses.

VPNs connect private networks that can use private and public addresses. Different systems within different VPNs can have private addresses that overlap with each other. BGP assumes all addresses it advertises and receives are globally unique addresses. An RD differentiates between systems so that BGP views them as two different systems. The RD is an eight-byte value used to prefix the IPv4 address, which forms a VPN-IPv4 address that uniquely identifies the same private IPv4 addresses that belong to different VPNs.

Route targets

Route targets are a form of policy which identifies a set of sites within a VPN. Route targets control the distribution of VPN-IPv4 routes. When a route is learned from another PE, the import route target identifies the VRF for which the route is destined. When a route is announced to another PE, the export route targets, which are associated with the VRF from which the route was learned, are encoded with the route.

A route target is an eight-byte field encoded in the EXTENDED_COMMUNITY path attribute of the UPDATE message. The first two bytes encode the Type, and the other six bytes encode the Value. When comparing route targets, all eight bytes must be equal for the route targets to be considered equal. A route target consists of an administration field and an assigned number field.

Import route targets are used by the ingress PE to identify which VPNs are associated with the routing information. Import route targets are configured for each VRF, and used by the PE to decide which routes should be distributed to each VRF. Import route targets and export route targets must be configured for a VRF using VRF import and export policies.

Route refresh

Because routes are subject to ingress filtering, routing information is lost for any VPN that is not configured on the PE router. If a VPN (for example, one of the import route targets that is configured for a VRF) is configured on the PE router, the router must relearn information it previously discarded that was tagged with that route target. Route refresh accomplishes the relearning of routes. A route refresh request received by a BGP speaker causes the speaker to resend all route updates it contains in its database that are eligible for the peer that issues the request.

To advertise the Route Refresh capability to a peer, a BGP speaker uses BGP Capabilities Advertisements. The advertisement conveys to a peer that the speaker can receive and properly handle ROUTE-REFRESH requests from the peer.

The Ethernet Routing Switch 8600 saves all VPN routes it receives from its BGP peer if that peer cannot use route refresh. If the BGP peer is route refresh capable, then the Ethernet Routing Switch 8600 saves all VPN routes that belong to the VPNs that are configured on it. If the route refresh capability is negotiated with a peer, route information in a routing update is lost if none of the route targets that are received with the routing update matches with any of the import route targets in any VRF.
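
The byte layouts described under Route distinguishers and Route targets, and the store-or-discard decision described under Route refresh, as an added Python example (not Nortel code). It assumes the type 0 RD and two-octet-AS extended community encodings of RFC 4364 and RFC 4360, which the guide does not spell out; all AS numbers, addresses and VRF names are constructed.

```python
import ipaddress
import struct

# Extended community Type values (assumed from RFC 4360, not from the guide).
RT_TYPE_2OCTET_AS = 0x0002   # two-octet-AS route target
SOO_TYPE_2OCTET_AS = 0x0003  # same layout, but marks a site of origin


def encode_rd_type0(asn: int, assigned: int) -> bytes:
    """8-byte RD: 2-byte type (0), 2-byte AS number, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, assigned)


def vpn_ipv4(rd: bytes, address: str) -> bytes:
    """Prefix the RD to an IPv4 address to form a 12-byte VPN-IPv4 address."""
    if len(rd) != 8:
        raise ValueError("a route distinguisher is exactly 8 bytes")
    return rd + ipaddress.IPv4Address(address).packed


def encode_ext_community(type_field: int, asn: int, assigned: int) -> bytes:
    """8-byte extended community: 2-byte Type, then a 6-byte Value
    (2-byte administrator AS followed by a 4-byte assigned number)."""
    return struct.pack("!HHI", type_field, asn, assigned)


def importing_vrfs(route_rts, vrf_import_rts):
    """Names of the VRFs with an import route target carried by the route.
    bytes equality compares all eight bytes, Type included."""
    return sorted(
        vrf for vrf, imports in vrf_import_rts.items()
        if any(rt in imports for rt in route_rts)
    )


def receive_vpn_route(route_rts, vrf_import_rts, peer_supports_route_refresh):
    """Return (stored, vrfs) for a VPN-IPv4 route that passed the inbound policy."""
    vrfs = importing_vrfs(route_rts, vrf_import_rts)
    if vrfs:
        return True, vrfs
    # No import RT matched. The route is kept only when the peer cannot be
    # asked to resend it later with a ROUTE-REFRESH request.
    return (not peer_supports_route_refresh), []


if __name__ == "__main__":
    # Constructed sample: two VPNs reuse 10.1.1.1 but differ in their RD.
    blue = vpn_ipv4(encode_rd_type0(65000, 1), "10.1.1.1")
    red = vpn_ipv4(encode_rd_type0(65000, 2), "10.1.1.1")
    print(blue.hex(), red.hex(), blue != red)

    rt_blue = encode_ext_community(RT_TYPE_2OCTET_AS, 65000, 100)
    soo = encode_ext_community(SOO_TYPE_2OCTET_AS, 65000, 100)
    vrfs = {"blue": {rt_blue}}
    # Same six Value bytes, different Type: not a match for the import RT.
    print(receive_vpn_route([rt_blue], vrfs, True))
    print(receive_vpn_route([soo], vrfs, True))
    print(receive_vpn_route([soo], vrfs, False))
```

A route tagged only with the site-of-origin community shares its six Value bytes with the route target but is not imported, because the comparison covers the Type bytes as well.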

IP VPN BGP route preference and selection

For IP VPN routes learned through MP-BGP, the protocol is set to VPN-IPv4. When multiple routes from different protocols to the same destination are learned, the route preference determines the best route to the destination. The route preference for VPN-IPv4 is configurable and defaults to the default route preference for IBGP.

Route selection rules are applied to incoming VPN routes as follows.

• If it exists, an inbound policy (a policy configured on an IBGP neighbor) is applied to the VPN routes.
• If the route is not denied by a policy, the Route Target (RT) in the route update is matched with the import route targets in the VRFs.
  • If there is at least one matching RT found, the VPN route is stored.
  • Routes with the same RD and prefix/mask use the following BGP route selection rules:
    — lowest group preference (configured on a BGP group-basis)
    — highest BGP local preference
    — shortest AS-PATH length
    — lowest AS-PATH origin
    — lowest MED
    — external/confederation over internal BGP
    — local route (learned from attached CEs, static routes, or attached subnets)
    — leaked route from a locally configured VRF instance
    — remote route through MP-BGP peer
    — lowest BGP ID
    — lowest peer address
    — lowest route distinguisher
• If a matching RT is not found, the decision about whether to store the VPN route is based on the route refresh capability information exchanged with the BGP peer.
• A route is imported to VRFs which have a matching import RT.
• In a VRF, VRF-level import policies are applied to the route.
• If a route is not denied by a policy, the route is added to the VRF IP route table if there is an MPLS tunnel established and available for the BGP next hop from which the route is learned.

BGP+

Ethernet Routing Switch 8600 extends the BGPv4 process to support the exchange of IPv6 routes using BGPv4 peering. BGP+ is an extension of BGPv4 for IPv6.

Note that the Ethernet Routing Switch 8600 BGP+ support is not an implementation of BGPv6. Native BGPv6 peering uses the IPv6 Transport layer (TCPv6) for establishing the BGPv6 peering, route exchanges, and data traffic. Native BGPv6 peering is not supported in Release 7.0.

Ethernet Routing Switch 8600 supports the exchange of BGP+ reachability information over IPv4 transport. To support BGP+, the Ethernet Routing Switch supports two BGP protocol extensions, standards RFC 4760 (multi-protocol extensions to BGP) and RFC 2545 (MP-BGP for IPv6). These extensions allow BGPv4 peering to be enabled with IPv6 address family capabilities.

The Ethernet Routing Switch 8600 implementation of BGP+ uses an existing TCPv4 stack to establish a BGPv4 connection. Optional, nontransitive BGP properties are used to transfer IPv6 routes over the BGPv4 connection. Any BGP+ speaker has to maintain at least one IPv4 address to establish a BGPv4 connection.

Unlike IPv4, IPv6 introduces scoped unicast addresses, identifying whether the address is global or link-local. When BGP+ is used to convey IPv6 reachability information for inter-domain routing, it is sometimes necessary to announce a next hop attribute that consists of a global address and a link-local address. For BGP+, no distinction is made between global and site-local addresses.

The BGP+ implementation includes support for BGPv6 policies, including redistributing BGPv6 into OSPFv3, and advertising OSPFv3, static, and local routes into BGPv6 (through BGP+). It also supports the aggregation of global unicast IPv6 addresses, as well as confederations and partial HA.

The basic configuration of BGP+ is the same as BGPv4 with one additional parameter added and some existing commands altered to support IPv6 capabilities. You can enable and disable IPv6 route exchange by specifying the address family attribute as IPv6. Note that an IPv6 tunnel is required for the flow of IPv6 data traffic. BGP+ is only supported on the global VRF instance.

BGP+ tunnel configurations

When using the BGP+ functionality, additional configurations are needed to install the routes in the IPv6 RTM and for the IPv6 traffic originated from one IPv6 island to reach the other IPv6 island. These are IPv6 tunnel and static route configurations specific to the BGP+ peers. For more information, see “BGP+ tunnel configuration examples” (page 231).

Limitations

BGP+ convergence in Split Multi-Link Trunk (SMLT) scenarios cannot be guaranteed. Nortel does not recommend configuring BGP peers between SMLT core routers or between the core router and any switch connecting through SMLT links for the failover scenarios.

Bidirectional Forwarding Detection

The Ethernet Routing Switch 8600 supports Bidirectional Forwarding Detection (BFD).

Overview

BFD is a simple Hello protocol used between two peers. In BFD, each peer system periodically transmits BFD packets to each other. If one of the systems does not receive a BFD packet after a certain period of time, the system assumes that the link or other system is down.

BFD provides low-overhead, short-duration failure detection between two systems. BFD also provides a single mechanism for connectivity detection over any media, at any protocol layer.

Because BFD sends rapid failure detection notifications to the routing protocols that run on the local system, which initiates routing table recalculations, BFD helps reduce network convergence time.

BFD supports IPv4 single-hop detection for static routes, OSPF, and BGP. The Ethernet Routing Switch 8600 BFD implementation complies with IETF drafts draft-ietf-bfd-base-06 and draft-ietf-bfd-v4v6-1hop-06.

Operation

The Ethernet Routing Switch 8600 uses one BFD session for all protocols with the same destination. For example, if a network runs OSPF and BGP across the same link with the same peer, only one BFD session is established, and BFD shares session information with both routing protocols.

You can enable BFD over data paths with specified OSPF neighbors, BGP neighbors, and static routing next-hop addresses.

The Ethernet Routing Switch 8600 supports BFD asynchronous mode, which sends BFD control packets between two systems to activate and maintain BFD neighbor sessions. To reach an agreement with its neighbor about how rapidly failure detection occurs, each system estimates how quickly it can send and receive BFD packets.

A session begins with the periodic, slow transmission of BFD Control packets. When bidirectional communication is achieved, the BFD session comes up. After the session is up, the transmission rate of Control packets can increase to achieve detection time requirements. If Control packets are not received within the calculated detection time, the session is declared down. After a session is down, Control packet transmission returns to the slow rate.

If a session is declared down, it cannot come back up until the remote end signals that it is down (three-way handshake). A session can be kept administratively down by configuring the state of AdminDown.
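
The session behaviour described above, as an added Python model (not Nortel code). The state transitions, the one-second slow rate and the detection-time formula follow the published BFD asynchronous-mode specification (RFC 5880), which is an assumption here because the guide cites earlier drafts and does not list the transitions; the intervals and multiplier are constructed values.

```python
DOWN, INIT, UP, ADMIN_DOWN = "Down", "Init", "Up", "AdminDown"
SLOW_TX_MS = 1000  # transmit interval advertised while the session is not Up


class BfdSession:
    """One end of an asynchronous-mode BFD session (timers in milliseconds)."""

    def __init__(self, fast_tx_ms=200, required_min_rx_ms=200, detect_mult=3):
        self.state = DOWN
        self.fast_tx_ms = fast_tx_ms
        self.required_min_rx_ms = required_min_rx_ms
        self.detect_mult = detect_mult
        self.detection_time_ms = None
        self.last_rx_ms = None

    def desired_min_tx_ms(self):
        # Slow rate until the session is Up, the faster rate once it is.
        return self.fast_tx_ms if self.state == UP else SLOW_TX_MS

    def receive(self, remote_state, remote_tx_ms, remote_mult, now_ms):
        """Process one Control packet and return the resulting local state."""
        if self.state == ADMIN_DOWN:
            return self.state  # held down by configuration, packet ignored
        self.last_rx_ms = now_ms
        # Detection time: the remote multiplier times the agreed interval.
        self.detection_time_ms = remote_mult * max(self.required_min_rx_ms,
                                                   remote_tx_ms)
        if remote_state == ADMIN_DOWN:
            self.state = DOWN
        elif self.state == DOWN:
            if remote_state == DOWN:
                self.state = INIT
            elif remote_state == INIT:
                self.state = UP
            # Remote still reports Up: stay Down until it signals Down too.
        elif self.state == INIT:
            if remote_state in (INIT, UP):
                self.state = UP
        elif remote_state == DOWN:  # local state is Up
            self.state = DOWN
        return self.state

    def tick(self, now_ms):
        """Declare the session down when no packet arrived in time."""
        if self.state in (INIT, UP) and \
                now_ms - self.last_rx_ms >= self.detection_time_ms:
            self.state = DOWN
        return self.state


def send(src, dst, now_ms):
    """Deliver one Control packet carrying src's current state to dst."""
    return dst.receive(src.state, src.desired_min_tx_ms(), src.detect_mult,
                       now_ms)


def bring_up(a, b, now_ms=0):
    """Three-way handshake; returns the (a, b) states after each packet."""
    trace = []
    for src, dst in ((a, b), (b, a), (a, b)):
        send(src, dst, now_ms)
        trace.append((a.state, b.state))
    return trace


if __name__ == "__main__":
    a, b = BfdSession(), BfdSession()
    print(bring_up(a, b))          # Down/Init, Up/Init, Up/Up
    send(b, a, 1000)
    print(a.tick(1600))            # silence for 3 x 200 ms: Down
    print(send(b, a, 1700))        # peer still says Up: a stays Down
```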

BFD and SMLT

BFD is not supported on RSMLT VLANs or SMLT connections. For all RSMLT/SMLT configurations, use VLACP for rapid peer node failure detection.

BFD restrictions

The Ethernet Routing Switch 8600 supports a maximum of 256 static BFD sessions, or 100 OSPF BFD sessions, or 150 BGP BFD sessions; however, the number of BFD sessions plus the number of VLACP sessions cannot exceed 256.

The Ethernet Routing Switch 8600 does not support the following IETF BFD options:

• Echo packets
• BFD over IPv6
• Demand mode
• Authentication

The Ethernet Routing Switch 8600 does not support:

• BFD on a Virtual Router Redundancy Protocol (VRRP) virtual interface
• Full High Availability (HA) for BFD

The Ethernet Routing Switch 8600 supports partial HA for BFD. The Ethernet Routing Switch 8600 also supports the modification of transmit and receive intervals during an active BFD session. BFD is only supported on VRF 0.

BGP configuration considerations and limitations

Use the information in this section to help you configure BGP on the Ethernet Routing Switch 8600. The Ethernet Routing Switch 8600 supports BGPv4 as described in RFC 1771.

Configuration considerations and limitations navigation

• “BGP implementation guidelines”
• “Configuration guidelines”
• “BGP neighbor Maximum Prefix configuration”
• “BFD restrictions”

BGP implementation guidelines

To successfully configure BGP, follow these guidelines:

• BGP will not operate with an IP router in nonforwarding (host-only) mode. Make sure that the routers you want BGP to operate with are in forwarding mode.
• If you are using BGP for a multihomed AS (one that contains more than a single exit point), Nortel recommends that you use OSPF for your IGP and BGP for your sole exterior gateway protocol, or use intra-AS IBGP routing.
• If OSPF is the IGP, use the default OSPF tag construction. Using EGP or modifying the OSPF tags makes network administration and proper configuration of BGP path attributes difficult.
• For routers that support both BGP and OSPF, the OSPF router ID and the BGP identifier must be set to the same IP address. The BGP router ID automatically uses the OSPF router ID.
• In configurations where BGP speakers reside on routers that have multiple network connections over multiple IP interfaces (the typical case for IBGP speakers), consider using the address of the router’s circuitless (virtual) IP interface as the local peer address. In this way, you ensure that BGP is reachable as long as there is an active circuit on the router.
• By default, BGP speakers do not advertise or inject routes into their IGP. You must configure route policies to enable route advertisement.
• Coordinate routing policies among all BGP speakers within an AS so that every BGP border router within an AS constructs the same path attributes for an external path.
• Configure accept and announce policies on all IBGP connections to accept and propagate all routes. Make consistent routing policy decisions on external BGP connections.

Configuration guidelines

On the Ethernet Routing Switch 8600, you must configure the following minimum parameters:

• Router ID
• Local AS Number
• Enable BGP globally
• BGP Neighbor Peer Session: remote IP addresses
• Enable BGP peer
• When running both BGP and OSPF, the OSPF and BGP Router ID must be the same.

The Router ID must be a valid IP address of an IP interface on the router or a circuitless IP (CLIP) address. This IP address is used in BGP Update messages. By default, the BGP Router ID automatically uses the OSPF Router ID.

You cannot configure the BGP Router ID if you configure BGP before you have configured the OSPF Router ID. You must first disable BGP, and then enable BGP globally.

BGP policies can be added to the BGP peer configuration to influence route decisions. BGP policies are applied to the peer through the CLI and NNCLI soft-reconfiguration commands.

After the Ethernet Routing Switch 8600 is configured for BGP, some parameter changes may require the BGP global state or the neighbor admin-state to be disabled or enabled.

BGP policies are dynamically modified. On the global level, the BGP redistribution command has an apply parameter that causes the policy to be applied when it is issued.

BGP neighbor Maximum Prefix configuration

By default, the Maximum Prefix parameter is set to limit 12 000 network layer reachability information (NLRI) messages per neighbor. The Maximum Prefix parameter limits the number of routes that the Ethernet Routing Switch 8600 can accept.

The Maximum Prefix parameter prevents large numbers of BGP routes from flooding the network in the event of a misconfiguration. You can configure the Maximum Prefix limit to any value, including 0 (0 means unlimited routes). When you configure the Maximum Prefix value, consider the maximum number of active routes that your equipment configuration can support.

BGP and OSPF interaction

RFC 1745 defines the interaction between BGP and OSPF when OSPF is the IGP within an autonomous system. For routers running both protocols, the OSPF router ID and the BGP ID must be the same IP address.

Interaction between BGPv4 and OSPF includes the ability to advertise supernets to support classless interdomain routing (CIDR). BGPv4 supports interdomain supernet advertisements; OSPF can carry supernet advertisements within a routing domain.

BGP configuration using Enterprise Device Manager

Configure Border Gateway Protocol (BGP) to create an interdomain routing system that guarantees loop-free routing information between autonomous systems.

The Ethernet Routing Switch 8600 supports BGP with IPv4 and IPv6 networks. Most of the IPv4 BGP configuration tabs are applicable to BGP+ as well. Some BGP+ tabs are also provided for the presentation of IPv6-specific information.

When using the BGP+ functionality, additional configurations are needed to install the routes in the IPv6 RTM and for the IPv6 traffic originated from one IPv6 island to reach the other IPv6 island. These are IPv6 tunnel and static route configurations specific to the BGP+ peers. For more information, see “BGP+ tunnel configuration examples” (page 231).

For information about configuring IP VPN with BGP, see Nortel Ethernet Routing Switch 8600 Configuration — IP VPN (NN46205-520).

For information about configuring route policies for BGP, see Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523).

All information about statistics is moved to Nortel Ethernet Routing Switch 8600 Performance Management (NN46205-704).

Navigation

• “Logging in to a VRF instance”
• “Configuring BGP globally”
• “Configuring aggregate routes”
• “Configuring aggregate IPv6 routes”
• “Configuring allowed networks”
• “Configuring allowed IPv6 networks”
• “Configuring BGP peers”
• “Configuring peer groups”
• “Viewing BGP summary route information”
• “Viewing IPv6 BGP+ summary route information”
• “Displaying dampened routes information”
• “Configuring redistribution to BGP for VRF 0”
• “Configuring redistribution to BGP+ for VRF 0”
• “Configuring a prefix list”
• “Configuring an IPv6 prefix list”
• “Configuring an AS path list”
• “Configuring a community access list”
• “Configuring an extended community list”

Logging in to a VRF instance

Log in to a particular VRF instance to view and configure parameters for that VRF. For more information about VRF Lite, see Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523).

BGP+ only supports the GlobalRouter VRF instance.

Procedure steps

Step  Action
1     In your browser, enter the switch IP.
2     In the User Name field, enter your user name.
3     In the Password field, enter your password.
4     In the VRF Name field, enter the name for the VRF that you want to configure (default global router name is GlobalRouter).
5     Click Log On.
--End--

Configuring BGP globally

Enable BGP so that BGP runs on the router. Configure general BGP parameters to define how BGP operates on the system.

This procedure applies to BGP+ as well as to IPv4 BGP.

Prerequisites

• To configure BGP on a specific VRF instance, log in to the required VRF instance. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.
• If you must configure the BGP Router ID, use the CLI or NNCLI. You cannot configure the BGP Router ID using Enterprise Device Manager.

Procedure steps

Step  Action
1     In the navigation tree, open the following folders: Configuration, IP.
2     Double-click BGP.
3     To enable BGP, in AdminStatus, select enable.
4     Configure the LocalAs ID.
5     In Aggregate, enable or disable route aggregation as required.
6     Configure the remaining BGP options as required.
7     Configure BGP confederations as required.
8     Configure BGP route reflectors as required.
9     In the IP-VPN section, enable or disable RouteRefresh as required.
10    Click Apply.
--End--

Variable definitions

Use the data in the following table to configure general BGP parameters.

Variable                           Value
bgpVersion                         Specifies the version of BGP that operates on the router.
bgpIdentifier                      Specifies the BGP router ID number. The default value is 0.0.0.0, but if BGP is enabled without changing this value, the OSPF router ID is used.
AdminStatus                        Enables or disables BGP on the router. The default is disable. You cannot enable AdminStatus until you change the LocalAS value to a nonzero value.
LocalAs                            Sets the local autonomous system (AS) number in the range of 1 to 65535. You cannot change the LocalAS when AdminStatus is set to enable.
Aggregate                          Enables or disables aggregation. The default is enable.
DefaultMetric                      Sets the metric sent to BGP neighbors. The Default Metric determines the cost of a route a neighbor uses. Use this parameter in conjunction with the redistribute parameters so that BGP uses the same metric for all redistributed routes. The default is -1. The range is -1 to 2147483647.
DefaultLocalPreference             Specifies the default local preference. The default is 100. The range is 0 to 2147483647.
DefaultInformationOriginate        Enables or disables the redistribution of network 0.0.0.0 into BGP. The default is disable.
DefaultInformationOriginateIPv6    Enables or disables the redistribution of a default IPv6 network into BGP. The default is disable.
AlwaysCompareMed                   Enables or disables the comparison of the multi-exit discriminator (MED) parameter for paths from neighbors in different ASs. A path with a lower MED is preferred over a path with a higher MED. The default is disable.
DeterministicMed                   Enables or disables deterministic MED. Deterministic MED compares the MEDs when routes advertised by different peers in the same AS are chosen. The default is disable.
AutoPeerRestart                    Enables or disables the process that automatically restarts a connection to a BGP neighbor. The default is enable.
AutoSummary                        Enables or disables automatic summarization. When enabled, BGP summarizes networks based on class limits (for example, Class A, B, or C networks). The default is enable.
NoMedPathIsWorst                   Enables or disables NoMedPathIsWorst. When set to enable (default), BGP treats an update that is missing a MED attribute as the worst path.
BestPathMedConfed                  Enables or disables the comparison of MED attributes within a confederation. The default is disable.
DebugMask                          Displays the specified debug information for BGP global configurations. The default value is none.
                                   • none disables all debug messages.
                                   • all enables all debug messages.
                                   • error enables the display of debug error messages.
                                   • packet enables the display of debug packet messages.
                                   • event enables the display of debug event messages.
                                   • trace enables the display of debug trace messages.
                                   • warning enables the display of debug warning messages.
                                   • state enables display of debug state transition messages.
                                   • init enables the display of debug initialization messages.
                                   • filter enables the display of debug messages related to filtering.
                                   • update enables display of debug messages related to updates transmission and reception.
IgnoreIllegalRouterId              Enables BGP to overlook an illegal router ID. For example, it enables the acceptance of a connection from a peer that sends an open message using a router ID of 0. The default is enable.
Synchronization                    Enables or disables the router to accept routes from iBGP peers without waiting for an update from the IGP. The default is enable.
MaxEqualcostRoutes                 Sets the maximum number of equal-cost-paths that are available to a BGP router by limiting the number of equal-cost-paths that can be stored in the routing table. The default value is 1; the range is 1 to 8.
IbgpReportImportRoute              Configures BGP to report imported routes to an interior BGP (IBGP) peer. This command also enables or disables reporting of non-BGP imported routes to other IBGP neighbors. The default is enable.
FlapDampEnable                     Enables or disables route suppression for routes that go up and down (flap). The default is disable. This parameter is not supported with BGP+.
QuickStart                         Enables or disables the Quick Start feature, which forces the BGP speaker to begin establishing peers immediately, instead of waiting for the peer’s auto-restart timer to expire. The default is disable.
TrapEnable                         Enables or disables BGP traps.
ConfederationIdentifier            Specifies a BGP confederation identifier in the range of 0 to 65535. The default is 0.
ConfederationPeers                 Lists adjoining ASs that are part of the confederation in the format (5500,65535,0,10,...,...). The default is none.
RouteReflectionEnable              Enables or disables the reflection of routes from IBGP neighbors. The default is enable.
RouteReflectorClusterId            Sets a reflector cluster ID IP address. This option applies only if RouteReflectionEnable is set to enable, and if multiple route reflectors are in a cluster. The default value is 0.0.0.0.
ReflectorClientToClientReflection  Enables or disables route reflection between two route reflector clients. This option applies only if RouteReflectionEnable is set to enable. The default is enable.
RouteRefresh                       Enables or disables IP VPN Route Refresh for BGP. The default is disable. If enabled, a route refresh request received by a BGP speaker causes the speaker to resend all route updates it contains in its database that are eligible for the peer that issues the request. This parameter is not supported with BGP+.

Configuring aggregate routes

Configure aggregate routes so that the router advertises a single route (aggregate route) that represents all destinations. Aggregate routes also reduce the size of routing tables.

This procedure does not apply to IPv6 routes.

Prerequisites

• Aggregate routes are enabled.
• You have determined the appropriate aggregate address and mask.
• If required, policies exist.
• To configure BGP on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Aggregates tab.
4. Click Insert.
5. Configure the aggregate Address and PrefixLen.
6. Configure AsSetGenerate and SummaryOnly as required.
7. Configure policies for the aggregate route.
8. Click Insert.

--End--

Variable definitions

Use the data in the following table to configure aggregate routes.

Variable

Value

Address

Specifies the aggregate address. The default is none.

PrefixLen

Specifies the aggregate prefix length. The default is none.

AsSetGenerate

Enables or disables AS-SET path information generation. The default is disable.

SummaryOnly

Enables or disables the summarization of routes in routing updates. Enabling this parameter creates the aggregate route and suppresses advertisements of more-specific routes to all neighbors. The default is disable.

SuppressPolicy

Specifies the route policy (by name) used for the suppressed route list. Enabling this parameter creates the aggregate route and suppresses advertisements of the specified routes. The default is none.

AdvertisePolicy

Specifies the route policy (by name) used for route advertisements. The route policy selects the routes that create AS-SET origin communities. The default is none.

AttributePolicy

Specifies the route policy (by name) used to determine aggregate route attributes. The default is none.

Configuring aggregate IPv6 routes

Configure IPv6 aggregate routes so that the router advertises a single route (aggregate route) that represents all destinations. Aggregate routes also reduce the size of routing tables.

Prerequisites

• Aggregate routes are enabled.
• You have determined the appropriate aggregate prefix and length.
• If required, policies exist.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IPv6.
2. Double-click BGP+.
3. Click the Aggregates tab.
4. Click Insert.
5. Specify the aggregate Address and PrefixLen.
6. Configure AsSetGenerate and SummaryOnly as required.
7. Configure policies for the aggregate route.
8. Click Insert.

--End--

Variable definitions

Use the data in the following table to configure aggregate routes.

Variable

Value

Address

Specifies the aggregate address. The default is none.

PrefixLen

Specifies the aggregate prefix length. The default is none.

AsSetGenerate

Enables or disables AS-SET path information generation. The default is disable.

SummaryOnly

Enables or disables the summarization of routes in routing updates. Enabling this parameter creates the aggregate route and suppresses advertisements of more-specific routes to all neighbors. The default is disable.

SuppressPolicy

Specifies the route policy (by name) used for the suppressed route list. Enabling this parameter creates the aggregate route and suppresses advertisements of the specified routes. The default is none.

AdvertisePolicy

Specifies the route policy (by name) used for route advertisements. The route policy selects the routes that create AS-SET origin communities. The default is none.

AttributePolicy

Specifies the route policy (by name) used to determine aggregate route attributes. The default is none.

Configuring allowed networks

Configure network addresses to determine the network addresses that BGP advertises. The allowed addresses determine the BGP networks that originate from the Ethernet Routing Switch 8600. This procedure does not apply for IPv6 networks.

Prerequisites



• To configure BGP on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Network tab.
4. Click Insert.
5. Configure the network address, prefix length, and metric.
6. Click Insert.

--End--

Variable definitions

Use the data in the following table to configure network addresses.

Variable

Value

NetworkAfAddr

Specifies the network prefix that BGP advertises. The default is none.

NetworkAfPrefixLen

Specifies the network prefix length. The default is none.

NetworkAfMetric

Specifies the metric used when an update is sent for the routes in the network table. The metric configures the MED for the routes advertised to EBGP peers. The range is 0 to 65535. The default is 0.

Configuring allowed IPv6 networks

Configure IPv6 network addresses to determine the network addresses that BGP advertises. The allowed addresses determine the BGP networks that originate from the Ethernet Routing Switch 8600.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IPv6.
2. Double-click BGP+.
3. Click the Network tab.
4. Click Insert.
5. Configure the network address, prefix length, and metric.
6. Click Insert.

--End--

Variable definitions

Use the data in the following table to configure network addresses.

Variable

Value

NetworkAfAddr

Specifies the network prefix that BGP advertises. The default is none.

NetworkAfPrefixLen

Specifies the network prefix length. The default is none.

NetworkAfMetric

Specifies the metric used when an update is sent for the routes in the network table. The metric configures the MED for the routes advertised to EBGP peers. The range is 0 to 65535. The default is 0.

Configuring BGP peers

Create new peer configurations to join peers to a specified subscriber group. With BGP+, the peers must be IPv4 peers.

Prerequisites

• To configure BGP on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Peers tab.
4. Click Insert.
5. Configure the peer as required.
6. Click Insert.
7. Enable the new peer. In the Peers tab, in the Enable column, select enable. By default, new peer configuration parameters are set to disable.
8. Click Apply.
9. To modify a peer, double-click the parameter and select a new value. Some parameters, like BfdEnable, can only be configured after the peer is created.

--End--

Variable definitions

Use the data in the following table to create new peer configurations.

Variable

Value

RemoteAddr

Specifies the IP address of this peer or subscriber group. The default is none. (Peer creation is not possible without a remote address.)

GroupName

Specifies the peer group name to which this peer belongs (optional). The default is none.

PeerState

Specifies the BGP peer connection state: idle, connect, active, opensent, openconfirm, or established.

RemoteAs

Configures a remote AS number for the peer or peer-group in the range 0 to 65535. The default is 0.

Enable

Controls whether the peer connection is enabled or disabled. The default is disabled.

EbgpMultiHop

Enables or disables a connection to a BGP peer that is more than one hop away from the local router. The default value is disable.

RoutePolicyIn

Specifies the route policy that applies to all IPv4 networks learned from this peer. The default value is none. To remove a route policy, double-click under the RoutePolicyIn column, hit Ctrl and highlight the policy to remove, and click OK.

RoutePolicyOut

Specifies the route policy that applies to all outgoing IPv4 updates to this peer. The default value is none. To remove a route policy, double-click under the RoutePolicyOut column, hit Ctrl and highlight the policy to remove, and click OK.

RemovePrivateAs

Strips (when enabled) private AS numbers when the switch sends an update. The default is enable.

UpdateSourceInterface

Specifies the IP address to be used as the Circuitless IP. Applicable only for iBGP connections.

ConnectRetryInterval

Specifies the time interval (in seconds) for the ConnectRetry timer. The suggested value for this timer is 120 seconds (the default).

HoldTimeConfigured

Specifies the time interval (in seconds) for the Hold Time for this BGP speaker with this peer. This value is placed in an OPEN message sent to this peer by this BGP speaker, and is compared with the HoldTime in an OPEN message received from the peer when the switch determines the Hold Time with the peer. The HoldTime must be at least three seconds. If it is zero, the Hold Time is not to be established with the peer. The suggested value for this timer is 90 seconds. The default is 180 seconds.

KeepAliveConfigured

Specifies the time interval (in seconds) for the KeepAlive timer configured for this BGP speaker with this peer. KeepAliveConfigured determines the KEEPALIVE messages frequency relative to HoldTimeConfigured; the actual time interval for the KEEPALIVE messages is indicated by KeepAlive. The recommended maximum value for this timer is one-third of HoldTimeConfigured. If KeepAliveConfigured is zero, no periodic KEEPALIVE messages are sent to the peer after the BGP connection is established. The suggested value for this timer is 30 seconds. The default is 60.

MD5Authentication

Enables and disables MD5 authentication. The default is disable.

AdvertisementInterval

Specifies the time interval (in seconds) that elapses between each transmission of an advertisement from a BGP neighbor. The default value is 30 seconds and the range is 5 to 120 seconds.

DefaultOriginate

When enabled, allows the local router to send the default IPv4 route to the neighbor for use as a default route. The default value is disable.

DefaultOriginateIpv6

When enabled, allows the local router to send the default IPv6 route to the neighbor for use as a default route. The default value is disable.

Weight

Specifies this peer’s or peer group’s weight, or the priority of updates that can be received from this BGP peer. The default value is 100 and the range is 0 to 65535.

MaxPrefix

Sets a limit on the number of routes that are accepted from a neighbor. The default value is 12000 routes and the range is 0 to 2147483647. 0 means there is no limit to the number of routes that are accepted.

NextHopSelf

Specifies that the next-hop attribute in an IBGP update is the address of the local router or the router that generates the IBGP update. The default is false.

RouteReflectorClient

Specifies that this peer is a route reflector client. The default is false.

SoftReconfigurationIn

When enabled, the router relearns routes from the specified neighbor or group of neighbors without resetting the connection when the policy changes in the inbound direction. The default value is enable. Enabling SoftReconfigurationIn causes all BGP routes to be stored in local memory (even non-best routes).

DebugMask

Displays the specified debug information for the BGP peer. The default value is none.

• none disables all debug messages.
• all enables all debug messages.
• error enables the display of debug error messages.
• packet enables the display of debug packet messages.
• event enables the display of debug event messages.
• trace enables the display of debug trace messages.
• warning enables the display of debug warning messages.
• state enables display of debug state transition messages.
• init enables the display of debug initialization messages.
• filter enables the display of debug messages related to filtering.
• update enables display of debug messages related to updates transmission and reception.

SendCommunity

Enables or disables sending the update message’s community attribute to the specified peer. The default value is disable.

Vpnv4Address

Enables BGP address families for IPv4 (BGP) and L3 VPN (MP-BGP) support. Enable this parameter for VPN/VRF Lite routes. The default is disable.

IpvpnLiteCap

Specifies (when enabled) that IP VPN Lite capability can be enabled or disabled on the BGP neighbor peer. The default is disable.

Ipv6Cap

Specifies (when enabled) that IPv6 capability can be enabled or disabled on the BGP neighbor peer. The default is disable.

RouteRefresh

Configures a route refresh for the BGP peer.

AsOverride

Specifies that the AS Override parameter can be enabled or disabled for the BGP peer. The default is disable.

AllowAsIn

Specifies the number of AS-in allowed for the BGP peer. The range is 0 to 10. The default is 0.

Ipv6RoutePolicyIn

Specifies the route policy that applies to all IPv6 networks learned from this peer. The default value is none. To remove a route policy, double-click under the Ipv6RoutePolicyIn column, hit Ctrl and highlight the policy to remove, and click OK.

Ipv6RoutePolicyOut

Specifies the route policy that applies to all outgoing IPv6 updates to this peer. The default value is none. To remove a route policy, double-click under the Ipv6RoutePolicyOut column, hit Ctrl and highlight the policy to remove, and click OK.

BfdEnable

Enables Bidirectional Forwarding Detection (BFD) on this BGP peer. The default is disable.
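
The following added example (not Nortel code) audits one peer's settings against the defaults, ranges, and timer guidance documented in the Peers tab variable definitions above. The function name, the severity labels, and the decision to flag an unauthenticated session or a missing inbound policy are assumptions of this example, and the sample peers are constructed.

```python
# Documented defaults from the Peers tab variable definitions on this page.
PEER_DEFAULTS = {
    "RemoteAs": 0,
    "EbgpMultiHop": "disable",
    "RoutePolicyIn": None,            # documented default is none
    "RemovePrivateAs": "enable",
    "HoldTimeConfigured": 180,
    "KeepAliveConfigured": 60,
    "MD5Authentication": "disable",
    "AdvertisementInterval": 30,
    "Weight": 100,
    "MaxPrefix": 12000,
    "AllowAsIn": 0,
}

# Documented inclusive ranges.
PEER_RANGES = {
    "RemoteAs": (0, 65535),
    "AdvertisementInterval": (5, 120),
    "Weight": (0, 65535),
    "MaxPrefix": (0, 2147483647),
    "AllowAsIn": (0, 10),
}


def audit_peer(settings):
    """Return sorted (severity, variable, message) findings for one peer.

    `settings` holds only the variables that were changed; everything else
    falls back to the documented default.
    """
    cfg = {**PEER_DEFAULTS, **settings}
    findings = []

    # Range violations are configuration errors.
    for name, (low, high) in PEER_RANGES.items():
        if not low <= cfg[name] <= high:
            findings.append(("error", name, f"{cfg[name]} is outside {low} to {high}"))

    # Timer rules stated on the page: HoldTime is 0 or at least 3 seconds,
    # and KeepAlive should be at most one-third of HoldTime.
    hold = cfg["HoldTimeConfigured"]
    keep = cfg["KeepAliveConfigured"]
    if hold != 0 and hold < 3:
        findings.append(("error", "HoldTimeConfigured", "must be 0 or at least 3 seconds"))
    if hold != 0 and keep * 3 > hold:
        findings.append(("warn", "KeepAliveConfigured",
                         f"{keep}s exceeds one-third of the {hold}s hold time"))

    # Hardening checks (audit policy assumed by this example).
    if cfg["MD5Authentication"] == "disable":
        findings.append(("warn", "MD5Authentication", "session is not authenticated"))
    if cfg["MaxPrefix"] == 0:
        findings.append(("warn", "MaxPrefix", "0 removes the limit on accepted routes"))
    if cfg["RoutePolicyIn"] is None:
        findings.append(("warn", "RoutePolicyIn", "no inbound route policy is applied"))
    if cfg["RemovePrivateAs"] == "disable":
        findings.append(("warn", "RemovePrivateAs", "private AS numbers are not stripped"))
    if cfg["EbgpMultiHop"] == "enable":
        findings.append(("info", "EbgpMultiHop", "peer may be more than one hop away"))

    return sorted(findings)


# Constructed sample peers (policy name and AS number are made up).
HARDENED_PEER = {
    "RemoteAs": 65010,
    "MD5Authentication": "enable",
    "RoutePolicyIn": "CUSTOMER-IN",
    "HoldTimeConfigured": 90,
    "KeepAliveConfigured": 30,
}
RISKY_PEER = {
    "MaxPrefix": 0,
    "HoldTimeConfigured": 2,
    "AdvertisementInterval": 3,
    "EbgpMultiHop": "enable",
}

if __name__ == "__main__":
    for label, peer in (("default", {}), ("hardened", HARDENED_PEER), ("risky", RISKY_PEER)):
        print(label)
        for severity, name, message in audit_peer(peer):
            print(f"  {severity:5} {name}: {message}")
```

A peer left at the documented defaults still produces two warnings, because MD5Authentication defaults to disable and RoutePolicyIn defaults to none.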

Configuring peer groups

Configure or edit peer groups when setting update policies for neighbors in the same group. This procedure applies for BGP+ as well as for IPv4 BGP.

Prerequisites

• To configure BGP on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Peer Groups tab. You can modify a parameter by double-clicking the parameter.
4. Click Insert.
5. Use the following variable definitions table to configure the peer group as required.
6. Click Insert.
7. Enable the new peer group. In the Peer Groups tab, in the Enable column, select enable.
8. Click Apply.

--End--

Variable definitions

Use the data in the following table to configure or edit peer groups.

Variable

Value

Index

Specifies the index of this peer group. The range is 1 to 1024.

GroupName

Specifies the peer group to which this neighbor belongs. The default value is none. (Peer group creation is not possible without a name.)

Enable

Enables or disables the peer group. The default value is disable.

RemoteAs

Configures a remote AS number for the peer-group in the range 0 to 65535. The default value is 0.

DefaultOriginate

When enabled, allows the local router to send the default IPv4 route to the neighbors in that peer group for use as a default route. The default value is disable.

EbgpMultiHop

When enabled, allows the local router to send the default IPv6 route to the neighbors in that peer-group for use as a default route. The default value is disable.

AdvertisementInterval

Specifies the time interval (in seconds) that elapses between BGP routing updates. The default value is 30 seconds and the range is 1 to 120 seconds.

KeepAlive

Specifies the time interval (in seconds) between sent BGP keep alive messages to remote peers. The range is 1 to 21845 and the default value is 60.

HoldTime

Configures the hold time for the group of peers in seconds. The suggested value is three times the value of the KeepAlive time. The range is 3 to 65535 and the default value is 180.

Weight

Assigns an absolute weight to a BGP network. The default value is 100 and the range is 0 to 65535.

MaxPrefix

Specifies the limit on the number of routes that is accepted from this group of neighbors. A value of zero indicates no limit. The default value is 12000 routes and the range is 0 to 2147483647.

NextHopSelf

Specifies that the switch must set the NextHop attribute to the local router address before it sends updates to remote peers. The default value is false.

RoutePolicyIn

Specifies the route policy that applies to all IPv4 networks learned from this group of peers. The default value is none. To remove a route policy, double-click under the RoutePolicyIn column, hit Ctrl and highlight the policy to remove, and click OK.

RoutePolicyOut

Specifies the route policy that applies to all outgoing IPv4 updates to this group of peers. The default value is none. To remove a route policy, double-click under the RoutePolicyOut column, hit Ctrl and highlight the policy to remove, and click OK.

RouteReflectorClient

Specifies that peers in this group are route reflector clients. The default value is false.

SoftReconfigurationIn

When enabled, the router relearns routes from the specified neighbor or group of neighbors without resetting the connection when the policy changes in the inbound direction. The default value is enable. Enabling SoftReconfigurationIn causes all BGP routes to be stored in local memory (even non-best routes).

MD5Authentication

Enables and disables MD5 authentication. The default is disable.

RemovePrivateAs

Strips (when enabled) private AS numbers when the switch sends an update. The default is enable.

SendCommunity

Enables or disables sending the update message’s community attribute to the specified peer group. The default value is disable.

Vpnv4Address

Specifies the VPNv4 routes. Enable this parameter for VPN/VRF Lite routes. The default is disable.

IpvpnLiteCap

Specifies (when enabled) that IP VPN Lite capability can be enabled or disabled on the BGP neighbor peer group. The default is disable.

SooAddress

Specifies the site of origin (SOO) IP address. The default is 0.0.0.0.

SooAsNumber

Specifies the AS number for the SOO for the BGP peer group. The range is 0 to 65535. The default is 0.

SooAssignedNum

Specifies the assigned number required, along with the AS number or address, to configure the SOO for the BGP peer group. The range is 0 to 2147483647. The default is 0.

SooType

Specifies the SOO type as an AS number or IP address. The default is none.

RouteRefresh

Enables or disables IP VPN Route Refresh for the BGP peer group. If enabled, a route refresh request received by a BGP speaker causes the speaker to resend all route updates it contains in its database that are eligible for the peer that issues the request. The default is disable.

AsOverride

Specifies that the AS Override parameter can be enabled or disabled for the BGP peer group. The default is disable.

AllowAsIn

Specifies the number of AS-in allowed for the BGP peer group. The range is 1 to 10. The default is 0.

DefaultOriginateIpv6

When enabled, allows the local router to send the default IPv6 route to a group of neighbors for use as a default route. The default value is disable.

UpdateSourceInterface

The Inet address to use for circuitless IP for this peer group.

Ipv6Cap

When enabled, specifies that the IPv6 capability can be enabled or disabled on the BGP neighbor peer group. The default value is disable.

Ipv6RoutePolicyIn

Specifies the route policy that applies to all IPv6 networks learned from this group of peers. The default value is none. To remove a route policy, double-click under the Ipv6RoutePolicyIn column, hit Ctrl and highlight the policy to remove, and click OK.

Ipv6RoutePolicyOut

Specifies the route policy that applies to all outgoing IPv6 updates to this group of peers. The default value is none. To remove a route policy, double-click under the Ipv6RoutePolicyOut column, hit Ctrl and highlight the policy to remove, and click OK.

Viewing BGP summary route information

You can display current BGP route information. This procedure does not apply for IPv6 routes.

Prerequisites

• To configure BGP on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Bgp Route Summary tab.

--End--

Variable definitions

Use the data in the following table to understand BGP route information.

Variable

Value

Prefix

Specifies the IP address prefix in the Network Layer Reachability Information (NLRI) field. This is an IP address that contains the prefix with a length specified by IpAddrPrefixLen. Any bits beyond the length specified by IpAddrPrefixLen are set to zero.

PrefixLen

Specifies the length, in bits, of the IP address prefix in the NLRI field.

LocalAddr

The local address of this entry’s BGP connection.

RemoteAddr

Specifies the IP address of the peer from which path information was learned.

Viewing IPv6 BGP+ summary route information

You can display current IPv6 BGP+ route information.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IPv6.
2. Double-click BGP+.
3. Click the Bgp Route Summary tab.

--End--

Variable definitions

Use the data in the following table to understand BGP route information.

Variable

Value

Prefix

Specifies the IP address prefix in the Network Layer Reachability Information (NLRI) field. This is an IP address that contains the prefix with a length specified by IpAddrPrefixLen. Any bits beyond the length specified by IpAddrPrefixLen are set to zero.

PrefixLen

Specifies the length, in bits, of the IP address prefix in the NLRI field.

LocalAddr

The local address of this entry’s BGP connection.

RemoteAddr

Specifies the IP address of the peer from which path information was learned.

Displaying dampened routes information

You can view dampened path information to see which routes are suppressed. This procedure does not apply for IPv6 routes.

Prerequisites

• To configure BGP on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.
• Dampened routes must be enabled for the data to be up-to-date (Generals tab, FlapDampEnable option).

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Dampened Routes tab.

--End--

Variable definitions

Use the data in the following table to understand dampened path information.

Variable

Value

IpAddrPrefix

Specifies the IP address prefix in the Network Layer Reachability Information (NLRI) field. This is an IP address that contains the prefix with a length specified by IpAddrPrefixLen. Any bits beyond the length specified by IpAddrPrefixLen are set to zero.

IpAddrPrefixLen

Specifies the length, in bits, of the IP address prefix in the NLRI field.

Peer

Specifies the IP address of the peer where the path information was learned.

FlapPenalty

Specifies the penalty based on number of route flaps.

FlapCount

Specifies the number of times a route flapped (went down and came up) since the last time the penalty was reset to zero.

RouteDampened

Indicates whether this route is suppressed or announced.

ReuseTime

Specifies the system-configured time for route reuse.

Configuring redistribution to BGP for VRF 0

Configure redistribute entries for BGP to announce routes of a certain source type to BGP, for example, direct, static, RIP, and OSPF. If a route policy is not configured, then the switch uses the default action based on metric, metric type, and subnet. Use a route policy to perform detailed redistribution. For more information about route redistribution using the IP, Policy, Route Redistribution tab, see Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523). This procedure does not apply for IPv6 routes.

Prerequisites

• To configure BGP on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.
• If required, a route policy exists.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Redistribute tab.
4. Click Insert.
5. Configure the source protocols.
6. If required, choose a route policy.
7. Configure the metric to apply to redistributed routes.
8. Enable the redistribution instance.
9. Click Insert.

--End--

Variable definitions

Use the data in the following table to configure redistribute entries.

Variable

Value

DstVrfId

Specifies the destination VRF instance (read-only). For the current release, only VRF 0 redistribution is supported.

Protocol

Specifies the protocols that receive the redistributed routes (bgp).

SrcVrfId

Specifies the source VRF instance (read-only). For the current release, only VRF 0 redistribution is supported.

RouteSource

Specifies the source protocol for the route redistribution entry: direct, static, rip, or direct.

Enable

Enables (or disables) a BGP redistribute entry for a specified source type. The default is disable.

RoutePolicy

Sets the route policy to be used for the detailed redistribution of external routes from a specified source into the BGP domain. The default is none.

Metric

Sets the metric for the redistributed route. The value can range from 0 to 65535. The default value is 0. Nortel recommends that you use a value that is consistent with the destination protocol.

Configuring redistribution to BGP+ for VRF 0

Configure redistribute entries for BGP to announce routes of a certain source type to BGP, for example, direct, static, and OSPF. If a route policy is not configured, then the switch uses the default action based on metric, metric type, and subnet. Use a route policy to perform detailed redistribution. For more information about route redistribution using the IPv6, Policy, Route Redistribution tab, see Nortel Ethernet Routing Switch 8600 Configuration — IPv6 Routing (NN46205-504).

Prerequisites

• If required, a route policy exists.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IPv6.
2. Double-click BGP+.
3. Click the Redistribute tab.
4. Click Insert.
5. Configure the source protocols.
6. If required, choose a route policy.
7. Configure the metric to apply to redistributed routes.
8. Enable the redistribution instance.
9. Click Insert.

--End--

Variable definitions

Use the data in the following table to configure redistribute entries.

Variable

Value

DstVrfId

Specifies the destination VRF instance (read-only). For the current release, only VRF 0 redistribution is supported.

Protocol

Specifies the protocols that receive the redistributed routes (bgp).

SrcVrfId

Specifies the source VRF instance (read-only). For the current release, only VRF 0 redistribution is supported.

RouteSource

Specifies the source protocol for the route redistribution entry: direct, static, rip, or direct.

Enable

Enables (or disables) a BGP redistribute entry for a specified source type. The default is disable.

Metric

Sets the metric for the redistributed route. The value can range from 0 to 65535. The default value is 0. Nortel recommends that you use a value that is consistent with the destination protocol.

RoutePolicy

Sets the route policy to be used for the detailed redistribution of external routes from a specified source into the BGP domain. The default is none.

Configuring a prefix list

Use prefix lists to allow or deny specific route updates. A prefix list policy specifies route prefixes to match. When there is a match, the route is used. This procedure does not apply for IPv6 BGP+.

Prerequisites

• To configure a BGP prefix list on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click Policy.
3. In the Prefix List tab, click Insert.
4. Edit the parameters as required.
5. Click Insert.

--End--

Variable definitions

Use the data in the following table to use the Prefix List tab.

Variable

Value

Id

Specifies the prefix list. The range is 0 to 65535.

Prefix

Specifies the prefix IP address.

PrefixMaskLen

Specifies the length of the prefix mask. You must enter the full 32-bit mask to exact a full match of a specific IP address (for example, when creating a policy to match the next-hop).

Name

Names a specified prefix list during the creation process or renames the specified prefix list. The name can be from 1 to 64 characters in length.

Nortel Ethernet Routing Switch 8600 Configuration — BGP Services NN46205-510 04.01 21 December 2009 Copyright © 2008-2009 Nortel Networks. All Rights Reserved.

Configuring an IPv6 prefix list

83

Variable

Value

MaskLenFrom

Specifies the lower bound on the mask length. The default is the mask length. Lower bound and higher bound mask lengths together can define a range of networks.

MaskLenUpto

Specifies the higher bound mask length. The default is the mask length. Lower bound and higher bound mask lengths together can define a range of networks.

Configuring an IPv6 prefix list

Use IPv6 prefix lists to allow or deny specific route updates. A prefix list policy specifies route prefixes to match. When there is a match, the route is used.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IPv6.
2. Double-click Policy.
3. In the Prefix List tab, click Insert.
4. Edit the parameters as required.
5. Click Insert.

--End--

Variable definitions

Use the data in the following table to use the Prefix List tab.

Variable: Value
Id: Specifies the prefix list. The range is 0 to 65535.
Prefix: Specifies the prefix IPv6 address.
PrefixMaskLen: Specifies the length of the prefix mask. You must enter the full 128-bit mask to exactly match a specific IPv6 address (for example, when creating a policy to match the next-hop).
Name: Names a specified prefix list during the creation process or renames the specified prefix list. The name can be from 1 to 64 characters in length.
MaskLenFrom: Specifies the lower bound on the mask length. The default is the mask length. Lower bound and higher bound mask lengths together can define a range of networks.
MaskLenUpto: Specifies the higher bound mask length. The default is the mask length. Lower bound and higher bound mask lengths together can define a range of networks.
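The following added example (not from the Nortel document or the switch software) shows how PrefixMaskLen, MaskLenFrom, and MaskLenUpto in the IPv4 and IPv6 Prefix List tables combine to accept a bounded range of networks and reject more-specific routes outside it. It assumes the common prefix-list semantics: a route matches when it lies inside Prefix/PrefixMaskLen and its own mask length is between MaskLenFrom and MaskLenUpto. PrefixEntry and prefix_list_matches are hypothetical names, and the sample prefixes are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PrefixEntry:
    """One prefix-list entry, named after the fields of the Prefix List tab."""
    prefix: str
    prefix_mask_len: int
    mask_len_from: Optional[int] = None   # default: the mask length
    mask_len_upto: Optional[int] = None   # default: the mask length
    network: object = field(init=False, repr=False, default=None)

    def __post_init__(self):
        # strict=True rejects an entry with host bits set (for example 10.1.1.1/8).
        self.network = ipaddress.ip_network(
            f"{self.prefix}/{self.prefix_mask_len}", strict=True)
        if self.mask_len_from is None:
            self.mask_len_from = self.prefix_mask_len
        if self.mask_len_upto is None:
            self.mask_len_upto = self.prefix_mask_len
        # Assumption of this example: the bounds must nest inside the address size.
        if not (self.prefix_mask_len <= self.mask_len_from
                <= self.mask_len_upto <= self.network.max_prefixlen):
            raise ValueError(
                "need PrefixMaskLen <= MaskLenFrom <= MaskLenUpto <= address bits")

    def matches(self, route: str) -> bool:
        """True if the route lies inside Prefix/PrefixMaskLen and its mask
        length is within [MaskLenFrom, MaskLenUpto]."""
        candidate = ipaddress.ip_network(route, strict=True)
        if candidate.version != self.network.version:
            return False  # an IPv4 entry never matches an IPv6 route
        return (self.mask_len_from <= candidate.prefixlen <= self.mask_len_upto
                and candidate.subnet_of(self.network))


def prefix_list_matches(entries, route: str) -> bool:
    """A route matches the list when any entry matches it."""
    return any(entry.matches(route) for entry in entries)


# Constructed sample lists (documentation and private address space).
EXACT_ONLY = [PrefixEntry("198.51.100.0", 24)]        # defaults: /24 only
BOUNDED = [PrefixEntry("10.0.0.0", 8, 8, 24)]         # /8 through /24
NEXT_HOP = [PrefixEntry("192.0.2.1", 32)]             # full 32-bit mask
V6_BOUNDED = [PrefixEntry("2001:db8::", 32, 32, 48)]  # /32 through /48

if __name__ == "__main__":
    checks = [
        ("EXACT_ONLY", EXACT_ONLY, "198.51.100.128/25"),
        ("BOUNDED", BOUNDED, "10.1.0.0/16"),
        ("BOUNDED", BOUNDED, "10.1.1.128/25"),
        ("NEXT_HOP", NEXT_HOP, "192.0.2.1/32"),
        ("V6_BOUNDED", V6_BOUNDED, "2001:db8:1:1::/64"),
    ]
    for name, plist, route in checks:
        verdict = "match" if prefix_list_matches(plist, route) else "no match"
        print(f"{name:<11} {route:<20} {verdict}")
```

With the default bounds an entry matches only the exact prefix, so a more-specific announcement inside an allowed block is not matched unless MaskLenUpto is raised to cover it.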

Configuring an AS path list

The As Path List is used with route policies and contains one or multiple AS path entries. Use an AS path list to restrict the routing information a router learns or advertises to and from a neighbor. The AS path list acts as a filter that matches AS paths. This procedure applies for IPv6 routes as well as for IPv4 routes.

Prerequisites

To configure a BGP AS path list on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click Policy.
3. Click the As Path List tab.
4. Click Insert.
5. Enter the appropriate information for your configuration.
6. Click Insert.

--End--

Variable definitions

Use the data in the following table to use the As Path List parameters.

Variable: Value
Id: Specifies the AS Path list. The range is 0 to 1024.
MemberId: Specifies the AS Path Access List member ID. The range is 0 to 65535.
Mode: Specifies the action to be taken when a policy is selected for a specific route. Select permit (allow the route) or deny (ignore the route).
AsRegularExpression: The expression that is to be used for the AS path.

Configuring a community access list

The Community List is used with route policies and contains one or multiple Community List entries. Use community lists to specify permitted routes by using their BGP community. This list acts as a filter that matches communities or AS numbers. This procedure applies for IPv6 routes as well as for IPv4 routes.

Prerequisites

To configure a BGP community list on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click Policy.
3. Click the Community List tab.
4. Click Insert.
5. Configure the list as required.
6. Click Insert.

--End--

Variable definitions

Use the data in the following table to use the Community List tab.

Variable: Value
Id: Specifies the Community List. The range is 0 to 1024.
MemberId: Specifies the Community List member ID. The range is 0 to 65535.
Mode: Specifies the action to be taken when a policy is selected for a specific route. Select permit (allow the route) or deny (ignore the route).
Community: Specifies the community access list community string.

Configuring an extended community list

The extended community list is used with route policies and contains one or multiple Community List entries. Use community lists to specify permitted routes by BGP extended community attributes, including route targets and sites of origin (SOO). This list acts as a filter that matches route targets and SOO. This procedure applies for IPv6 routes as well as for IPv4 routes.

Prerequisites

To configure a BGP extended community list on a specific VRF instance, log in to the VRF instance as required. The VRF must have an RP Trigger of BGP. Not all parameters are configurable on nonzero VRFs.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click Policy.
3. Click the Ext Community List tab.
4. Click Insert.
5. Configure the list as required.
6. Click Insert.

--End--

Variable definitions

Use the data in the following table to use the Ext Community List tab.

Variable: Value
Id: Specifies the extended community list. The range is 0 to 1024.
MemberId: Specifies the community list member ID. The range is 0 to 65535.
RTType: Specifies the route target type for the extended community rule. The type can be: none, AS number, or IP address.
RTAddress: Specifies the extended community IP address for the route target entry.
RTAsNumber: Specifies the extended community AS number for the route target entry. The range is 0 to 65535.
RTAssignedNum: Specifies the extended community assigned number. The range is 0 to 2147483647.
SooType: Specifies the SOO type for the extended community rule.
SooAddress: Specifies the site of origin.
SooAsNumber: Specifies the extended community AS number for the site of origin. The range is 0 to 65535.
SooAssignedNum: Specifies the extended community assigned number for the site of origin. The range is 0 to 2147483647.
VrfId: Specifies the VRF instance.


BFD configuration using Enterprise Device Manager

Use Bidirectional Forwarding Detection (BFD) to help speed convergence time and to provide connectivity detection with a minimum of overhead. To enable BFD between two peers, perform the following steps on each peer:

1. Enable BFD globally.
2. Configure BFD on the required interfaces.
3. To start a BFD session with a next-hop device, enable BFD on the required routing protocols.

Navigation

• “Enabling BFD globally” (page 89)
• “Configuring BFD on a VLAN interface” (page 90)
• “Configuring BFD on a brouter port” (page 91)
• “Configuring BFD properties for an interface” (page 93)
• “Viewing BFD statistics” (page 94)
• “Viewing BFD session information” (page 95)

Enabling BFD globally

Use this procedure to enable BFD on the switch.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BFD.
3. To enable BFD, choose enabled in the AdminStatus box.
4. To enable BFD traps, select the TrapEnable box.
5. Click Apply.

--End--

Variable definitions

Use the data in the following table to use the BFD tab.

Variable: Value
AdminStatus: Globally enables or disables BFD. The default is disabled.
VersionNumber: Specifies the version of the BFD protocol running on the switch.
TrapEnabled: Enables (SNMP) traps for BFD. The default is disabled.

Configuring BFD on a VLAN interface

Use this procedure to enable BFD on a VLAN interface.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, VLAN.
2. Double-click VLANs.
3. Select the desired VLAN, and click IP.
4. Choose the BFD tab.
5. To enable BFD, choose enable in the Enable box.
6. To configure the BFD receive interval, enter a value in the MinRxInterval box.
7. To configure the BFD transmit interval, enter a value in the TxInterval box.
8. To configure the multiplier value, enter a value in the Multiplier box.
9. To configure the BFD holddown time, enter a value in the HoldOffInterval box.
10. Click Apply.

--End--

Variable definitions

Use the data in the following table to use the BFD tab.

Variable: Value
Enable: Enables or disables BFD on the VLAN. The default is disabled.
MinRxInterval: Specifies the minimum required interval that the switch supports between received BFD Control packets. The range is 100 to 65535 milliseconds, with a default of 200.
TxInterval: Specifies the minimum interval that the local switch would like to use when it transmits BFD Control packets. The range is 100 to 65535 milliseconds, with a default of 200.
Multiplier: Specifies the detection time multiplier for asynchronous mode. The negotiated transmit interval, multiplied by this multiplier, provides the detection time for the transmitting system. The range is 2 to 20. The default value is 3.
HoldOffInterval: Specifies the BFD holdoff time interval, from 0 to 65535 seconds. If set to 0 (the default), the holdoff timer is disabled.

Configuring BFD on a brouter port

Use this procedure to enable BFD on a brouter port.

Procedure steps

1. In the Device Physical View, select the brouter port to configure.
2. In the navigation tree, open the following folders: Configuration, Edit, Port.
3. Double-click IP.
4. Choose the BFD tab.
5. To enable BFD, choose enable in the Enable box.
6. To configure the minimum receive interval, enter a value in the MinRxInterval box.
7. To configure the minimum transmit interval, enter a value in the TxInterval box.
8. To configure the multiplier value, enter a value in the Multiplier box.
9. To configure the BFD holddown time, enter a value in the HoldOffInterval box.
10. Click Apply.

--End--

Variable definitions

Use the data in the following table to use the BFD tab.

Variable: Value
Enable: Enables or disables BFD on the brouter port. The default is disabled.
MinRxInterval: Specifies the minimum required interval that the switch supports between received BFD Control packets. The range is 100 to 65535 milliseconds, with a default of 200.
TxInterval: Specifies the minimum interval that the local switch would like to use when it transmits BFD Control packets. The range is 100 to 65535 milliseconds, with a default of 200.
Multiplier: Specifies the detection time multiplier for asynchronous mode. The negotiated transmit interval, multiplied by this multiplier, provides the detection time for the transmitting system. The range is 2 to 20. The default value is 3.
HoldOffInterval: Specifies the BFD holdoff time interval, from 0 to 65535 seconds. If set to 0 (the default), the holdoff timer is disabled.

Enabling BFD on a BGP routing interface

Use this procedure to enable BFD on a BGP routing interface.

Prerequisites

Configure a BGP peer.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BGP.
3. Click the Peers tab.
4. To enable BFD on a peer, double-click the BfdEnable parameter and select enable.
5. Click Apply.

--End--

Configuring BFD properties for an interface

Use this procedure to enable BFD on an interface.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BFD.
3. Click the Interfaces tab.
4. To enable BFD, double-click the Enable column for the desired interface and choose enable.
5. Click Apply.

--End--

Variable definitions

Use the data in the following table to use the BFD tab.

Variable: Value
IfIndex: Specifies an index used to represent a unique BFD session on this device.
Enable: Enables or disables BFD on the VLAN. The default is disabled.
MinRxInterval: Specifies the minimum required interval that the switch supports between received BFD Control packets. The range is 100 to 65535 milliseconds, with a default of 200.
TxInterval: Specifies the minimum interval that the local switch would like to use when it transmits BFD Control packets. The range is 100 to 65535 milliseconds, with a default of 200.
Multiplier: Specifies the detection time multiplier for asynchronous mode. The negotiated transmit interval, multiplied by this multiplier, provides the detection time for the transmitting system. The range is 2 to 20. The default value is 3.
HoldOffInterval: Specifies the BFD holdoff time interval, from 0 to 65535 seconds. If set to 0 (the default), the holdoff timer is disabled.

Viewing BFD statistics

Use this procedure to view BFD statistical information.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BFD.
3. Select the Statistics tab.

--End--

Variable definitions

Use the data in the following table to use the Statistics tab.

Variable: Value
Discriminator: Specifies the local discriminator for this BFD session, used to uniquely identify it.
RemoteDiscr: Specifies the session discriminator chosen by the remote system for this BFD session.
Addr: Specifies the IP address of the interface associated with this BFD session. The value is set to zero when the BFD session is not associated with a specific interface.
PerfPktIn: The total number of BFD messages received for this BFD session.
PerfPktOut: The total number of BFD messages sent for this BFD session.

Viewing BFD session information

Use this procedure to view BFD session information.

Procedure steps

1. In the navigation tree, open the following folders: Configuration, IP.
2. Double-click BFD.
3. Select the Session tab.

--End--

Variable definitions

Use the data in the following table to use the Session tab.

Variable: Value
Discriminator: Specifies the local discriminator for this BFD session, used to uniquely identify it.
RemoteDiscr: Specifies the session discriminator chosen by the remote system for this BFD session.
PeerAddr: Specifies the IP address of the interface associated with this BFD session. The value is set to zero when the BFD session is not associated with a specific interface.
State: Specifies the state of the BFD session: adminDown, down, init, up.
DetectMult: Specifies the Detect time multiplier.
DesiredMinTxInterval: Specifies the minimum interval, in microseconds, that the local system would like to use when transmitting BFD Control packets.
ReqMinRxInterval: Specifies the minimum interval, in microseconds, between received BFD Control packets the local system is capable of supporting.
PeerState: The perceived peer state of the BFD session: adminDown, down, init, up.
App: Specifies the applications configured on this BFD session.
AppRun: Specifies the applications running on this BFD session.


BGP configuration using the CLI

Configure BGP to create and maintain an interdomain routing system that guarantees loop-free routing information between autonomous systems.

The Ethernet Routing Switch 8600 supports BGP with IPv4 and IPv6 networks. Most IPv4 BGP configuration commands are applicable to BGP+ as well. When using the BGP+ functionality, additional configurations are needed to install the routes in the IPv6 RTM and for the IPv6 traffic originated from one IPv6 island to reach the other IPv6 island. These are IPv6 tunnel and static route configurations specific to the BGP+ peers. For more information, see “BGP+ tunnel configuration examples” (page 231).

For information about configuring IP VPN with BGP, see Nortel Ethernet Routing Switch 8600 Configuration — IP VPN (NN46205-520). For information about configuring route policies for BGP, see Nortel Ethernet Routing Switch 8600 Configuration — IP Routing (NN46205-523). All information about statistics is moved to Nortel Ethernet Routing Switch 8600 Performance Management (NN46205-704).

Navigation

• “Job aid: Roadmap of BGP CLI commands” (page 98)
• “Job aid: Roadmap of BGP+ CLI commands” (page 102)
• “Job aid: Roadmap of VRF Lite BGP CLI commands” (page 106)
• “Configuring BGP globally” (page 58)
• “Configuring BGP confederations” (page 117)
• “Configuring BGP peers or peer groups” (page 119)
• “Configuring redistribution to BGP+ for VRF 0” (page 128)
• “Configuring redistribution to BGP+ for VRF 0” (page 80)
• “Configuring a prefix list” (page 129)
• “Configuring an IPv6 prefix list” (page 131)
• “Configuring AS path lists” (page 132)
• “Configuring community lists” (page 133)
• “Configuring extended community lists” (page 135)
• “BGP show commands” (page 136)

Job aid: Roadmap of BGP CLI commands

The following roadmap lists all the BGP commands and their parameters. Use this list as a quick reference.

Table 4 Job aid: Roadmap of BGP CLI commands

Each command is followed by its parameters, one per line.

config ip bgp
    aggregate-address [as-set ] [summary-only ] [suppress-map ] [advertise-map ] [attribute-map ]
    aggregation
    always-cmp-med
    auto-peer-restart
    auto-summary
    cl-to-cl-reflection
    cluster-id
    comp-bestpath-med-confed
    debug-screen []
    default-local-pref
    default-metric
    deterministic-med
    disable
    enable
    flap-dampening
    global-debug mask
    ibgp-report-import-rt
    ignore-illegal-rtrid
    info
    local-as
    max-equalcost-routes
    neighbor-debug-all mask
    network [metric ]
    no-med-path-is-worst
    orig-def-route
    quick-start
    restart
    route-reflection
    route-refresh
    router-id
    stats-clear
    synchronization
    traps

config ip bgp confederation
    identifier
    info
    peers

config ip bgp neighbor
    address-family {ipv6 | vpnv4}
    admin-state
    bfd
    connect-retry-interval
    create
    delete
    ebgp-multihop
    hold-time
    info
    ipvpn-lite-capability
    keepalive-time
    max-prefix
    MD5-authentication
    neighbor-debug mask
    nexthop-self
    originate-def-route
    password
    peer-group
    remote-as
    remove-private-as
    restart [soft-reconfiguration ]
    route-advertisement-interval
    route-policy
    route-reflector-client
    route-refresh
    send-community
    soft-reconfiguration-in
    stats-clear
    update-source-interface
    weight

config ip bgp redistribute apply

config ip bgp redistribute
    apply [vrf-src ]
    create [vrf-src ]
    delete [vrf-src ]
    disable [vrf-src ]
    enable [vrf-src ]
    info [vrf-src ]
    metric [vrf-src ]
    route-policy [vrf-src ] [clear]

config ip as-list
    create delete [] [] info

config ip community-list
    add-community
    delete
    info
    remove-community [memberId ] [community-string ]

config ip extcommunity-list
    add-extcommunity [rt
