Connections between BGP speakers of different ASs are referred to as External BGP (EBGP) connections. BGP enforces the rule that peer routers for EBGP connections need to be on a directly attached network. If the peer routers are multiple hops away from each other or if multiple links are between them, you can override this restriction by enabling the EBGP multihop feature. TCP connections between EBGP peers are tied to the addresses of the outgoing interfaces. Therefore, a single interface failure severs the session even if a viable path exists between the peers.
EBGP multihop support can provide redundancy so that an EBGP peer session persists even in the event of an interface failure. Using an address assigned to the loopback interface for the EBGP peering session ensures that the TCP connection stays up even if one of the links between them is down, provided the peer loopback address is reachable. In addition, you can use EBGP multihop support to balance the traffic among all links.
Use the TTL (Time to Live) parameter to limit the number of hops over which the External BGP (EBGP) multihop session is established. You can configure the TTL only if EBGP multihop is enabled. The default TTL is 64. When multihop is disabled the default TTL is 1.
When traffic comes from a router that is not directly connected and multihop is enabled, BGP uses that router as the next hop, irrespective of the advertised routes that it gets.
Important - Enabling multihop BGP connections is dangerous because BGP speakers might establish a BGP connection through a third-party AS. This can violate policy considerations and introduce forwarding loops.
Route dampening decreases the propagation of flapping routes. A flapping route is a route that repeatedly becomes available and then unavailable. Without route dampening, autonomous systems continually send advertisement and withdrawal messages each time the flapping route becomes available or unavailable. As the Internet grew, the number of announcements per second grew as well and caused performance problems within the routers.
Route dampening enables routers to keep a history of the flapping routes and prevent them from consuming significant network bandwidth. The routers measure how often a given route becomes available and then unavailable. When a route reaches a set threshold, that route is no longer considered valid, and is no longer propagated for a given period of time, usually about 30 minutes. If a route continues to flap even after it reaches the threshold, the time out period for that route grows in proportion to each additional flap. Once the route reaches the threshold, the route is dampened or suppressed. Suppressed routes are added back into the routing table once the penalty value decreases and falls below the reuse threshold.
Route dampening can cause connectivity to look lost to the outside world but maintained on your own network because route dampening only applies to BGP routes. Because of high load on the backbone network routers, most NSPs (MCI, Sprint, UUNet etc.) have set up route suppression.
Note - BGP route dampening is supported only for EBGP. It is not supported for IBGP.
The Internet is vulnerable to attack through its routing protocols and BGP is no exception. External sources can disrupt communications between BGP peers by breaking their TCP connection with spoofed RST packets. Internal sources, such as BGP speakers, can inject bogus routing information from any other legitimate BGP speaker. Bogus information from either external or internal sources can affect routing behavior over a wide area in the Internet.
The TCP MD5 option allows BGP to protect itself against the introduction of spoofed TCP segments into the connection stream. To spoof a connection using MD5 signed sessions, the attacker not only has to guess TCP sequence numbers, but also the password included in the MD5 digest.
Note - TCP MD5 is not supported on BGP IPv6 peers.
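The check a receiver makes on an MD5-signed session, following the TCP MD5 signature option defined in RFC 2385, shown as an added example (it is not Check Point code). The addresses, ports, sequence numbers and password are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
RST = 0x04
# 20-byte base header + 18-byte MD5 option + 2 bytes of padding = 40 bytes.
HEADER_WORDS = 10


def base_header(src_port, dst_port, seq, ack, flags, window=0):
    """20-byte TCP header without options, checksum field set to zero."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       HEADER_WORDS << 4, flags, window, 0, 0)


def md5_signature(src_ip, dst_ip, header, payload, key):
    """RFC 2385 digest over: pseudo-header, base header, segment data, key."""
    segment_len = (header[12] >> 4) * 4 + len(payload)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, TCP_PROTO, segment_len)
    return hashlib.md5(pseudo + header[:20] + payload + key).digest()


def receiver_accepts(src_ip, dst_ip, header, payload, signature, key):
    """A session configured for MD5 drops unsigned or mis-signed segments."""
    if signature is None:
        return False
    expected = md5_signature(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(expected, signature)


def demo():
    key = b"constructed-shared-secret"          # constructed password
    peer, local = "192.0.2.1", "192.0.2.2"      # documentation addresses
    rst = base_header(179, 49152, seq=1000, ack=0, flags=RST)
    other_seq = base_header(179, 49152, seq=2000, ack=0, flags=RST)
    genuine = md5_signature(peer, local, rst, b"", key)
    wrong_key = md5_signature(peer, local, rst, b"", b"guess")
    return {
        "signed by the peer": receiver_accepts(
            peer, local, rst, b"", genuine, key),
        "right sequence number, no signature": receiver_accepts(
            peer, local, rst, b"", None, key),
        "right sequence number, wrong password": receiver_accepts(
            peer, local, rst, b"", wrong_key, key),
        "valid signature reused on another segment": receiver_accepts(
            peer, local, other_seq, b"", genuine, key),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'dropped'}")
```

Only the segment signed with the shared password is accepted; a segment with the correct sequence number but no valid digest is dropped before it can reset the session.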
This section gives per-field help for the fields in the Advanced Routing > BGP section of the Gaia Portal.
Note - Not all fields are shown in all cases.
To configure BGP:
Parameter |
Description |
---|---|
Router ID |
The Router ID uniquely identifies the router in the autonomous system. The BGP and OSPF protocols use the router ID. Best Practice - Set the router ID rather than rely on the default setting. This prevents changes in the router ID if the interface used for the router ID goes down. Use an address on a loopback interface that is not the loopback address (127.0.0.1). Note - In a cluster, you must select a router ID and make sure that it is the same on all cluster members.
|
Cluster ID for Route Reflectors |
The cluster ID used for route reflection. The default cluster ID is the router ID. You must override this default value if the cluster contains more than one route reflector. Typically, a single router acts as the reflector for a set, or cluster, of clients. However, for redundancy two or more routers can also be configured as reflectors for the same cluster. In this case, you must select a cluster ID to identify all reflectors serving the cluster. Gratuitous use of multiple redundant reflectors is not advised, because it can increase the memory required to store routes on the redundant reflectors' peers.
|
Local Autonomous System Number |
The local autonomous system number of the router. |
Change Local System Identification
Parameter |
Description |
---|---|
Unconfigured |
|
Local Autonomous System Number |
The local autonomous system number of the router. This setting is mutually exclusive with the Confederation and Routing Domain Identifier. The router can be configured with either the autonomous system number or the member of confederation, not both. Caution: When you change the autonomous system number, all current peer sessions are reset and all BGP routes are deleted.
|
Confederation |
The identifier for the entire confederation system. This identifier is used as the AS in external BGP sessions. To the outside world, the confederation ID is the AS number of the single, large AS. For this reason, the confederation ID must be a globally unique, normally assigned AS number.
|
Number of loops permitted in AS_PATH |
For the confederation: The number of times the local autonomous system can appear in an AS path for BGP-learned routes. If the number of times the local autonomous system appears in an AS path is more than the number in this field, the corresponding routes are discarded or rejected.
|
Routing Domain Identifier |
The routing domain identifier (RDI) of this router. This value is required only if BGP confederations are in use. The RDI does not have to be globally unique since it is never used outside the domain of the confederation system. However, the configured RDI must be unique within the confederation. The routing-domain identifier and autonomous system number are mutually exclusive values; that is, the router can be configured with either the autonomous system number or the member of confederation, not both. If confederations are in use, the RDI is used wherever the autonomous system would be used to communicate with peers within the confederation, including group-type confederation peers and the various internal-type peers. For correct operation of the router in confederations you must configure both the routing-domain identifier and the confederation.
|
Number of loops permitted in AS_PATH |
For the routing domain identifier: The number of times the local autonomous system can appear in an AS path for BGP-learned routes. If the number of times the local autonomous system appears in an AS path is more than the number in this field, the corresponding routes are discarded or rejected.
|
Parameter |
Description |
---|---|
Default MED |
Defines the metric (MED) used when advertising routes through BGP. If you do not specify a value, no metric is propagated. A metric specified on the neighbor configuration or in the redistribution configuration might override the metric you configure.
|
Default Gateway: |
A default route is generated when any BGP peer is up. This route has a higher rank than the default configured in the static routing page. If a specific BGP peer should not be considered for generating the default route, you should explicitly suppress the option in the peer-specific configuration.
|
Enable IGP Synchronization |
Select this option to make internal and configured BGP peers check for a matching route from IGP protocols before installing a given route.
|
Enable communities |
Enables communities-based policy options.
|
Weighted Route Dampening Settings
Enable Weighted Route Dampening |
Weighted route dampening minimizes the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly transitioning from available to unavailable or vice versa. Only routes learned through BGP are subjected to weighted route dampening. Note: BGP route dampening is only supported for External BGP (EBGP). When this option is selected, the other Route Dampening fields show. |
Reuse-below metric |
The value of the instability metric at which a suppressed route becomes unsuppressed if it is reachable but currently suppressed. The value assigned to the reuse-below metric must be less than the suppress-above value.
|
Suppress-above metric |
The value of the instability metric at which a route is suppressed; a route is not installed in the FIB or announced even if it is reachable during the period that it is suppressed.
|
Max-flap metric |
The upper limit of the instability. The value must be higher than one plus the suppress-above value. The metric assigned to the suppress-above, reuse-below, and max-flap metric values is a floating point number, in units of flaps. Each time a route becomes unreachable, one is added to the current instability metric.
|
Reachable decay time |
A value that determines the length of time it takes for the instability metric value to reach one half of its current value when the route is reachable. This half-life value determines the rate at which the metric value is decayed. A smaller half-life value makes a suppressed route reusable sooner than a larger value.
|
Unreachable decay time |
The rate at which the instability metric is decayed when a route is unreachable. This value must be equal to or greater than the reach-decay value.
|
Keep history time |
The period over which the route flapping history is maintained for a given route. The size of the configuration arrays described below is directly affected by this value.
|
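How the dampening fields above interact, as an added simulation (not Gaia's implementation): the instability metric gains one per transition to unreachable, decays with the half-life for the current state, and the route is suppressed above one threshold and reused below the other. The numeric settings and the flap sequence are constructed for illustration and are not stated Gaia defaults; class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class DampeningConfig:
    # Constructed values for illustration, not stated Gaia defaults.
    suppress_above: float = 3.0
    reuse_below: float = 2.0
    max_flap: float = 16.0
    reach_decay: float = 300.0     # half-life in seconds while reachable
    unreach_decay: float = 900.0   # half-life in seconds while unreachable

    def validate(self):
        """Apply the constraints given in the field descriptions."""
        if not self.reuse_below < self.suppress_above:
            raise ValueError("reuse-below must be less than suppress-above")
        if not self.max_flap > self.suppress_above + 1:
            raise ValueError("max-flap must be higher than suppress-above + 1")
        if not self.unreach_decay >= self.reach_decay:
            raise ValueError("unreachable decay must be >= reachable decay")
        return self


class RouteHistory:
    """Flap history for one BGP-learned route."""

    def __init__(self, cfg):
        self.cfg = cfg.validate()
        self.metric = 0.0          # instability metric, in units of flaps
        self.reachable = True
        self.suppressed = False
        self.last = 0.0            # time of the last metric update

    def _decay_to(self, now):
        half_life = (self.cfg.reach_decay if self.reachable
                     else self.cfg.unreach_decay)
        self.metric *= 0.5 ** ((now - self.last) / half_life)
        self.last = now
        if self.suppressed and self.metric < self.cfg.reuse_below:
            self.suppressed = False

    def event(self, now, reachable):
        """Record a reachability change at time `now` (seconds)."""
        self._decay_to(now)
        if self.reachable and not reachable:
            # One flap is added each time the route becomes unreachable,
            # capped at the max-flap value.
            self.metric = min(self.metric + 1.0, self.cfg.max_flap)
            if self.metric > self.cfg.suppress_above:
                self.suppressed = True
        self.reachable = reachable

    def usable(self, now):
        """True when the route is reachable and not suppressed at `now`."""
        self._decay_to(now)
        return self.reachable and not self.suppressed


# Constructed flap sequence: (time in seconds, reachable?)
FLAPS = [(0, False), (10, True), (60, False), (70, True),
         (120, False), (130, True), (180, False), (190, True)]


def replay(events, cfg=None):
    """Feed events to a fresh RouteHistory; return it and the timeline."""
    route = RouteHistory(cfg or DampeningConfig())
    timeline = []
    for now, reachable in events:
        route.event(now, reachable)
        timeline.append((now, round(route.metric, 3), route.suppressed))
    return route, timeline


if __name__ == "__main__":
    route, timeline = replay(FLAPS)
    for now, metric, suppressed in timeline:
        print(f"t={now:>3}s metric={metric:.3f} suppressed={suppressed}")
    for t in (400, 420):
        print(f"t={t}s usable={route.usable(t)}")
```

With these settings the fourth flap pushes the metric past suppress-above, and the route stays suppressed for a few minutes after it is reachable again, until decay brings the metric under reuse-below.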
Use these options to configure BGP peers.
Gaia supports IPv4 and IPv6 addresses for BGP peers.
Notes:
Parameter |
Description |
---|---|
Peer |
IP address of the peer. |
Peer Type
|
Configure whether or not the peer router is a reflector client of the local router.
|
Outgoing interface
|
IPv6 peer with FE80: local address only: All peer interfaces have a local address and a global address. All the peer interfaces can have the same local address, which starts with |
Comment |
A free-text description of the peer. |
Advanced Settings
Multiprotocol Capabilities
Parameter |
Description |
---|---|
IPv4 Unicast Only |
Only IPv4 unicast routes can be sent to and received from this peer.
|
IPv6 Unicast Only |
Only IPv6 unicast routes can be sent to and received from this peer.
|
Both IPv4 and IPv6 |
IPv4 and IPv6 unicast routes can be sent to and received from this peer.
|
Local Address
Parameter |
Description |
---|---|
Local Address |
The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be For other types of peers, a peer session is maintained when any interface with the specified local address is operating. In either case, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address. Note: If running BGP in a cluster you must not configure the local address. Default: None |
Weight
Parameter |
Description |
---|---|
Weight |
The default weight associated with each route accepted from this peer. This value can be overridden by the weight specified in the import policy.
|
MED
Parameter |
Description |
---|---|
Accept MED from External Peer |
MED should be accepted from this external neighbor. MEDs are always accepted from routing-type and confederation neighbors. If this parameter is not used with an external neighbor, the MED is stripped before the update is added to the routing table. If this parameter is added or deleted and
|
MED Sent Out |
The primary metric used on all routes sent to the specified peer. This metric overrides the default metric on any route specified by the redistribute policy.
|
Next Hop and Time to Live
Parameter |
Description |
---|---|
EBGP Multihop |
Enable multihop connections with external BGP (EBGP) peers that are not directly connected. By default, external BGP peers are expected to be directly connected. You can refine the multihop session by configuring the Time to Live (TTL), that is, the number of hops to the EBGP peer. This option can also be used to set up peers for EBGP load balancing.
|
Time to Live |
Use the TTL (Time to Live) parameter to limit the number of hops over which the External BGP (EBGP) multihop session is established. You can configure the TTL only if EBGP multihop is enabled. The default TTL is 64. When multihop is disabled the default TTL is 1.
|
Aggregator
Parameter |
Description |
---|---|
No Aggregator ID |
Select to force this router to specify the router ID in the aggregator attribute as zero, rather than the actual router ID. This option prevents different routers in an AS from creating aggregate routes with different AS paths.
|
ASPATH
Parameter |
Description |
---|---|
ASPATH prepend count |
The number of times this router adds to the AS path on EBGP external or CBGP confederation sessions. Use this setting to bias the degree of preference some downstream routers have for the routes originated by this router. Some implementations prefer to select routes with shorter AS paths. This parameter has no effect when used with IBGP peers.
|
Private AS
Parameter |
Description |
---|---|
Remove Private AS |
Remove private AS numbers from the outgoing updates to this peer. Following conditions apply when this feature is enabled:
|
Timers
Parameter |
Description |
---|---|
Keep Alive Timer |
An alternative way to specify a Hold Time value, in seconds, to use when negotiating the connection with this peer. The keepalive interval equals one-third the value of the holdtime. The keepalive interval is often used instead of the holdtime value, but you can specify both values, provided the value for the holdtime is three times the keepalive interval. The value must be 0, that is, no keepalives are sent, or at least 2.
|
Hold Time |
The BGP holdtime value, in seconds, to use when negotiating a connection with this peer. According to the specification, if the BGP speaker does not receive a keepalive update or notification message from its peer within the period specified by the holdtime value in the BGP Open message, the BGP connection is closed. The value must be either 0, that is, no keepalives are sent, or at least 6.
|
Needed when Peering with Route Server
Parameter |
Description |
---|---|
Ignore First AS Hop |
Select to force this router to ignore the first AS number in the AS_PATH for routes learned from the corresponding peer. Select this option only if you are peering with a route server in so-called transparent mode, that is, when the route server is configured to redistribute routes from multiple ASs without prepending its own AS number.
|
Keep Alive
Parameter |
Description |
---|---|
Keep Alive Always |
Select to force this router always to send keepalives even when an update can substitute. This setting allows interoperability with routers that do not completely adhere to the protocol specifications on this point.
|
Routes
Parameter |
Description |
---|---|
Accept Routes Received From the Peer |
Routes received from peer routes are accepted if there is an inbound BGP route policy. If an inbound policy to accept the route does not exist, you can select All or None.
|
Allows Accept TCP Sessions from Your Peer
Parameter |
Description |
---|---|
Passive |
Select to force this router to wait for the peer to issue an open. By default all explicitly configured peers are active and periodically send open messages until the peer responds. Modifying this option will reset the peer connection.
|
Authentication
Parameter |
Description |
---|---|
Authentication type |
The type of authentication scheme to use between given peers. In general peers must agree on the authentication configuration to form peer adjacencies. This feature guarantees that routing information is accepted only from trusted peers. If the Auth type selected is TCP MD5 the Password field appears. When you enter a password, TCP MD5 authentication is used with the given peer. Note - TCP MD5 is not supported on BGP IPv6 peers.
|
Limit BGP Updates Sent to a Peer
Parameter |
Description |
---|---|
Throttle count |
Throttles the network traffic when there are many BGP peers. Throttle count determines the number of BGP updates sent at a time.
|
Route Refresh
Parameter |
Description |
---|---|
Route Refresh |
Route refresh is used to either re-learn routes from the BGP peer or to refresh the routing table of the peer without tearing down the BGP session. Both peers must support the BGP route refresh capability and should have advertised this at the time peering was established. Re-learning of routes previously sent by the peer is accomplished by sending a BGP route refresh message. The peer responds to the message with the current routing table. Similarly, if a peer sends a route refresh request the current routing table is re-sent. You can also trigger a route update without having to wait for a route refresh request from the peer. Both peers must support the same address and subsequent address families. For example a request for IPv6 unicast routes from a peer that did not advertise the capability during session establishment will be ignored. Note: Clicking a Route Refresh button sends a trigger to the routing daemon. It does not change the configuration of the router. |
Graceful Restart
Parameter |
Description |
---|---|
Helper |
Routes received from peer are preserved if the peer goes down till either the session is re-established (OPEN message is received from the peer after it comes back up) or the graceful restart timer expires.
|
Stalepath Time |
Maximal time for which routes previously received from a restarting router are kept unless they are re-validated. The timer is started after the peer sends indication that it is up again.
|
Logging
Parameter |
Description |
---|---|
Log bgp peer transitions |
Select to force this router to log a message whenever a BGP peer enters or leaves the ESTABLISHED state.
|
Log warnings |
Select to force this router to log a message whenever a warning scenario is encountered in the codepath.
|
Trace Options
See Description of Trace Options.
Parameter |
Description |
---|---|
Peer AS Number |
The autonomous system number of the external peer group. Enter an integer from 1-65535. |
Peer Group Type |
One of
|
Description |
A free-text description of the peer group. |
Local address |
The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be on an interface that is shared with the peer or with the peer's gateway, when the gateway parameter is used. A session with an external peer opens only when an interface with a local address through which you can reach the peer or gateway address directly operates. For other types of peers, a peer session opens when an interface with the specified local address operates. In both external and other types of peers, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address. Note - If you run BGP in a cluster, you must not configure the local address.
|
Out Delay |
The length of time in seconds that a route must be present in the routing database before it is redistributed to BGP. This value applies to all neighbors configured in this group. The default value is zero, which means that this feature is disabled. This feature dampens route fluctuations.
|
Peer |
Configure peers. Each peer inherits as defaults all parameters configured on a group. To change the values of a peer's parameters, select the peer and click Edit. |
Use the following commands to configure external sessions of the protocol, that is, between routers in different autonomous systems.
set bgp external remote-as as_number
<on | off>
aspath-prepend-count <1-25 | default>
description text
local-address ip_address <on | off>
outdelay <0-65535>
outdelay off
Parameter |
Description |
---|---|
|
The autonomous system number of the external peer group. Enter an integer from 1‑65535. |
|
The number of times this router adds to the autonomous system path on external BGP sessions. Use this option to bias the degree of preference some downstream routers have for the routes originated by this router. Some implementations prefer to select paths with shorter autonomous system paths. Default is 1. |
|
You can enter a brief text description of the group. |
|
The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be For other types of peers, a peer session is maintained when any interface with the specified local address is operating. In either case, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address. Note: If running BGP in a cluster you must not configure the local address. Default: Off |
|
The amount of time in seconds that a route must be present in the routing database before it is redistributed to BGP. The configured value applies to all peers configured in this group. This feature dampens route fluctuation. The value zero (0) disables this feature. Default: 0 |
|
Disables outdelay. |
Use these commands to configure BGP peers.
Gaia supports IPv4 and IPv6 addresses for BGP peers.
Notes:
set bgp external remote-as <as_number> peer <ip_address>
<on | off>
med-out <0-4294967294 | default>
outgoing-interface <interface> <on | off>
accept-med <on | off>
multihop <on | off>
ttl <1-255 | default>
no-aggregator-id <on | off>
holdtime <6-65535 | default>
keepalive <2-21845 | default>
ignore-first-ashop <on | off>
send-keepalives <on | off>
send-route-refresh [request|route-update][ipv4 | ipv6 | All] [unicast]
route-refresh <on | off>
accept-routes <all | none>
passive-tcp <on | off>
removeprivateas <on | off>
authtype none
authtype md5 secret secret
throttle-count <0-65535 | off>
suppress-default-originate <on | off>
log-state-transitions <on | off>
log-warnings <on | off>
trace bgp_traceoption <on | off>
capability <default | ipv4-unicast | ipv6-unicast>
graceful-restart-helper <on | off>
graceful-restart-helper-stalepath-time seconds
Parameter |
Description |
---|---|
|
A specific peer <ip_address> for the group. |
|
The multi-exit discriminator (MED) metric used as the primary metric on all routes sent to the specified peer address. This metric overrides the default metric on any metric specified by the redistribute policy. External peers use MED values to decide which of the available entry points into an autonomous system is preferred. A lower MED value is preferred over a higher MED value. Default: 4294967294 |
|
IPv6 peer with FE80: local address only: All peer interfaces have a local address and a global address. All the peer interfaces can have the same local address, which starts with |
|
Accept MED from the specified peer address. If you do not set this option, the MED is stripped from the advertisement before the update is added to the routing table. |
|
Enable multihop connections with external BGP (EBGP) peers that are not directly connected. By default, external BGP peers are expected to be directly connected. You can refine the multihop session by configuring the Time to Live (TTL), that is, the number of hops to the EBGP peer. This option can also be used to set up peers for EBGP load balancing. Default: Off |
|
Use the TTL (Time to Live) parameter to limit the number of hops over which the External BGP (EBGP) multihop session is established. You can configure the TTL only if EBGP multihop is enabled. The default TTL is 64. When multihop is disabled the default TTL is 1. Default: 64 |
|
The router’s aggregate attribute as zero (rather than the router ID value). This option prevents different routers in an AS from creating aggregate routes with different AS paths. |
|
The BGP holdtime interval, in seconds, when negotiating a connection with the specified peer. If the BGP speaker does not receive a keepalive update or notification message from its peer within the period specified in the holdtime field of the BGP open message, the BGP connection is closed. Default: 180 seconds |
|
The keepalive option is an alternative way to specify a holdtime value in seconds when negotiating a connection with the specified peer. You can use the keepalive interval instead of the holdtime interval. You can also use both intervals, but the holdtime value must be 3 times the keepalive interval value. Default: 60 seconds |
|
Ignore the first autonomous system number in the autonomous system path for routes learned from the corresponding peer. Set this option only if you are peering with a route server in transparent mode, that is, when the route server is configured to redistribute routes from multiple other autonomous systems without prepending its own autonomous system number. |
|
This router always sends keepalive messages even when an update message is sufficient. This option allows interoperability with routers that do not strictly adhere to protocol specifications regarding updates. |
|
The router dynamically requests BGP route updates from peers or responds to requests for BGP route updates. |
|
Re-learns routes previously sent by the BGP peer or refreshes the routing table of the peer. The peer responds to the message with the current routing table. Similarly, if a peer sends a route refresh request the current routing table is re-sent. A user can also trigger a route update without having to wait for a route refresh request from the peer. |
|
An inbound BGP policy route if one is not already configured. Enter Enter |
|
The router waits for the specified peer to issue an open message. No TCP connections are initiated by the router. |
|
Remove private AS numbers from BGP update messages to external peers. |
|
Do not use an authentication scheme between peers. Using an authentication scheme guarantees that routing information is accepted only from trusted peers. Default: none |
|
Use MD5 authentication between peers. In general, peers must agree on the authentication configuration to form peer adjacencies. Using an authentication scheme guarantees that routing information is accepted only from trusted peers. Note - TCP MD5 is not supported on BGP IPv6 peers. |
|
The number of BGP updates to send at one time. This option limits the number of BGP updates when there are many BGP peers. Off disables the throttle count option. |
|
Do NOT generate a default route when the peer receives a valid update from its peer. |
|
The router generates a log message whenever a peer enters or leaves the established state. |
|
The router generates a log message whenever a warning scenario is encountered in the codepath. |
|
Tracing options for the BGP implementation. Log messages are saved in the |
|
On each peer, configure the type of routes (Multiprotocol capability) to exchange between peers. Choose one of these:
For peering to be established, the routers must share a capability. |
|
Whether the Check Point system should maintain the forwarding state advertised by peer routers even when they restart to minimize the negative effects caused by peer routers restarting. |
|
The maximal amount of time that routes previously received from a restarting router are kept so that they can be revalidated. The timer is started after the peer sends an indication that it has recovered. |
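An audit of external peer settings against the rules stated on this page (multihop and TTL, TCP MD5 and IPv6 peers, holdtime and keepalive), as an added example that is not a Check Point tool. It assumes the saved configuration holds one option per line in the `set bgp external remote-as ... peer ...` form shown above; the sample configuration, AS numbers, addresses, secret placeholder and finding names are constructed.

```python
import ipaddress
import re

# Constructed sample configuration (documentation AS numbers and addresses).
SAMPLE_CONFIG = """\
set bgp external remote-as 64501 on
set bgp external remote-as 64501 peer 192.0.2.1 on
set bgp external remote-as 64501 peer 192.0.2.1 authtype md5 secret EXAMPLE-ONLY
set bgp external remote-as 64502 peer 198.51.100.9 on
set bgp external remote-as 64502 peer 198.51.100.9 multihop on
set bgp external remote-as 64503 peer 203.0.113.7 on
set bgp external remote-as 64503 peer 203.0.113.7 multihop on
set bgp external remote-as 64503 peer 203.0.113.7 ttl 2
set bgp external remote-as 64503 peer 203.0.113.7 authtype md5 secret EXAMPLE-ONLY
set bgp external remote-as 64503 peer 203.0.113.7 holdtime 90
set bgp external remote-as 64503 peer 203.0.113.7 keepalive 45
set bgp external remote-as 64504 peer 2001:db8::1 on
set bgp external remote-as 64504 peer 2001:db8::1 authtype md5 secret EXAMPLE-ONLY
"""

PEER_LINE = re.compile(
    r"^set bgp external remote-as (\d+) peer (\S+) (\S+)(?: (.*))?$")


def parse_peers(text):
    """Collect per-peer options keyed by (AS number, peer address)."""
    peers = {}
    for line in text.splitlines():
        match = PEER_LINE.match(line.strip())
        if not match:
            continue                      # group-level or unrelated line
        asn, addr, option, value = match.groups()
        peer = peers.setdefault((int(asn), addr), {})
        if option in ("on", "off"):
            peer["enabled"] = [option]
        else:
            peer[option] = (value or "").split()
    return peers


def first(peer, key, default):
    values = peer.get(key)
    return values[0] if values else default


def audit_peer(addr, peer):
    """Return the list of findings for one peer."""
    findings = []
    multihop = first(peer, "multihop", "off") == "on"
    ttl = first(peer, "ttl", "default")
    auth = first(peer, "authtype", "none")
    try:
        is_v6 = ipaddress.ip_address(addr).version == 6
    except ValueError:
        return ["unparseable-address"]

    # Multihop left at the default TTL of 64 does not limit the hop count.
    if multihop and ttl == "default":
        findings.append("multihop-default-ttl")
    # The TTL can be configured only if EBGP multihop is enabled.
    if not multihop and ttl != "default":
        findings.append("ttl-without-multihop")
    # TCP MD5 is not supported on BGP IPv6 peers; the default authtype is none.
    if auth == "md5" and is_v6:
        findings.append("md5-on-ipv6-peer")
    elif auth != "md5":
        findings.append("no-tcp-md5")
    # When both timers are set, holdtime must be three times the keepalive.
    hold = first(peer, "holdtime", "default")
    keep = first(peer, "keepalive", "default")
    if "default" not in (hold, keep) and int(hold) != 3 * int(keep):
        findings.append("holdtime-not-3x-keepalive")
    return findings


def audit_config(text):
    return {key: audit_peer(key[1], peer)
            for key, peer in parse_peers(text).items()}


if __name__ == "__main__":
    for (asn, addr), findings in audit_config(SAMPLE_CONFIG).items():
        print(f"AS{asn} {addr}: {', '.join(findings) or 'ok'}")
```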
Use these commands to configure BGP confederations. You can configure a BGP confederation in conjunction with external BGP.
confederation identifier as_number
confederation identifier off
confederation aspath-loops-permitted <1-10>
confederation aspath-loops-permitted default
routing-domain identifier as_number
routing-domain identifier off
routing-domain aspath-loops-permitted <1-10>
routing-domain aspath-loops-permitted default
synchronizat
|
Arguments
Parameter |
Description |
---|---|
|
Specifies the identifier for the entire confederation. This identifier is used as the autonomous system number in external BGP sessions. Outside the confederation, the confederation id is the autonomous system number of a single, large autonomous system. Thus the confederation id must be a globally unique, typically assigned autonomous system number. |
|
Disables the confederation identifier. |
|
Specifies the number of times the local autonomous system can appear in an autonomous system path for BGP‑learned routes. If this number is higher than the number of times the local autonomous system appears in an autonomous system path, the corresponding routes are discarded or rejected. |
|
Specifies a value of 1. |
|
Specifies the routing domain identifier (RDI) for this router. You must specify the RDI if you are using BGP confederations. The RDI does not need to be globally unique since it is used only within the domain of the confederation. |
|
Disables the routing‑domain identifier. |
|
Specifies the number of times the local autonomous system can appear in an autonomous system path for BGP‑learned routes. If this number is higher than the number of times the local autonomous system appears in an autonomous system path, the corresponding routes are discarded or rejected. |
|
Specifies a value of 1. |
|
Enables IGP synchronization. Set this option On to cause internal and confederation BGP peers to check for a matching route from IGP protocol before installing a BGP learned route. |
Use these commands to configure BGP confederation peers.
Note - The IP address of a peer can be an IPv4 or an IPv6 address. |
set bgp confederation member-as <as_id>
[on|off]
description [off|<description>]
interface <int> [off|on]
local-address <IP_addr> [off|on]
med [default|<value>]
Arguments
Parameter |
Description |
---|---|
|
Creates ( |
|
Sets the peer group description to <description>, or turns off the description ( |
|
Sets a gateway interface (<int>: eth1, eth2, etc.) as the peer group interface, and turns it on or off. |
|
Sets a peer group with an IP address on the local gateway. |
|
Sets the peer group local Multi-Exit Discriminator. The default is 0. |
|
Sets ( |
|
Sets or removes the out-delay value (in seconds). Set this value to enforce rate limiting. |
|
Creates a peer group with the specified gateway ( |
|
Set an internal peer group protocol.
|
|
|
|
Set peer authentication between the local gateway and the specified peer gateway (<IP_addr>). You can set it to MD5 and specify the password ( |
|
Configure peer multiprotocol capabilities ( |
|
Turn graceful restart on and off between the local gateway and the specified peer ( |
|
Set graceful restart stalepath time (in seconds) with the specified peer (
|
|
Set the maximum amount of time (in seconds) that can elapse between messages from the specified peer ( |
|
|
|
Set the keepalive timer (in seconds) for the specified peer (
|
|
Sets a local IP address ( |
|
Turns logging of peer state transitions |
|
Turns logging of warnings |
|
Sets the specified peer ( |
|
Sets a specific outgoing interface ( |
|
Sets peer passive behavior. If |
|
Sets the local gateway's peer type in relation to the specified peer (
|
peer |
Sets ping capability between the local gateway and the specified peer (
|
|
Sets route refresh capability between the local gateway and the specified peer (
|
|
Sets the gateway to always send keepalive messages to the specified peer (
|
|
Sets the local gateway to request BGP route updates from the specified peer (
|
|
Sets the local gateway to respond to requests for BGP route updates from the specified peer (
|
|
Sets the maximum number of BGP updates that can be sent at one time to the specified peer (
|
|
Sets the types of packets to trace from the specified peer ( |
|
Sets the weight for the specified peer ( |
|
Sets a comment associated with the specified peer ( |
Use these commands to configure BGP route reflection. You can configure route reflection as an alternative to BGP confederations. Route reflection supports both internal and external BGP routing groups.
set bgp
internal peer <ip_address> peer-type reflector-client
internal peer <ip_address> peer-type none
internal peer <ip_address> peer-type no-client-reflector
cluster-id ip_address
cluster-id off
default-med <0-65535>
default-med off
default-route-gateway ip_address
default-route-gateway off
Parameter | Description
---|---
internal peer <ip_address> peer-type reflector-client | The peer router
internal peer <ip_address> peer-type none | The peer router
internal peer <ip_address> peer-type no-client-reflector | An advanced option.
cluster-id ip_address | The cluster ID used for route reflection. The cluster ID default is that of the router id. Override the default if the cluster has more than one route reflector.
cluster-id off | Disable the cluster ID.
default-med <0-65535> | The multi-exit discriminator (MED) metric used to advertise routes through BGP.
default-med off | Disable the specified MED metric.
default-route-gateway ip_address | The default route. This route has a higher rank than any configured default static route for this router. If you do not want a BGP peer considered for generating the default route, use the
default-route-gateway off | Disables the configured default BGP route.
Use the following commands to configure BGP route dampening. BGP route dampening maintains a history of flapping routes and prevents advertising these routes. A route is considered to be flapping when it is repeatedly transitioning from available to unavailable or vice versa.
set bgp dampening
<on | off>
suppress-above <2-32>
suppress-above default
reuse-below <1-32>
reuse-below default
max-flat <3-64>
max-flat default
reachable-decay <1-900>
reachable-decay default
unreachable-decay <1-2700>
unreachable-decay default
keep-history <2-5400>
keep-history default
Note: BGP route dampening is only supported for External BGP (EBGP).
Parameter | Description
---|---
<on \| off> | Specifies whether to enable or disable BGP route dampening.
suppress-above <2-32> | Specifies the value of the instability metric at which route suppression takes place. A route is not installed in the forwarding table or announced, even if it is reachable, during the period that it is suppressed.
suppress-above default | Specifies an instability metric value for suppressing routes of 3.
reuse-below <1-32> | Specifies the value of the instability metric at which a suppressed route becomes unsuppressed if it is reachable but currently suppressed. The value assigned to the reuse-below metric must be lower than the suppress-above value.
reuse-below default | Specifies an instability metric value for announcing previously suppressed routes of 2.
max-flat <3-64> | Specifies the upper limit of the instability metric. The value must be greater than the suppress-above value plus 1. Each time a route becomes unreachable, 1 is added to the current instability metric.
max-flat default | Specifies the upper limit of the instability metric as 16.
reachable-decay <1-900> | Specifies the time for the instability metric to reach half of its value when the route is reachable. The smaller the value, the sooner a suppressed route becomes reusable.
reachable-decay default | Specifies a value of 300.
unreachable-decay <1-2700> | Specifies the time for the instability metric to reach half its value when the route is NOT reachable. The value must be equal to or higher than the reachable-decay value.
unreachable-decay default | Specifies a value of 900.
keep-history <2-5400> | Specifies the period for which route flapping history is maintained for a given route.
keep-history default | Specifies a value of 1800.
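The following Python model is an added example, not Check Point code: it applies the rules in the table above (add 1 per loss of reachability, halve the metric every reachable-decay or unreachable-decay seconds, suppress above suppress-above, release below reuse-below) to a constructed flap sequence, and checks the stated constraints between parameters. The function names, the strict threshold comparisons and the omission of keep-history are assumptions of this example.

```python
import math

# Defaults quoted in the parameter table (keep-history is not modelled here).
DEFAULTS = {"suppress_above": 3, "reuse_below": 2, "max_flat": 16,
            "reachable_decay": 300, "unreachable_decay": 900}

def validate(cfg):
    """Return the violations of the constraints stated in the descriptions."""
    errors = []
    if not cfg["reuse_below"] < cfg["suppress_above"]:
        errors.append("reuse-below must be lower than suppress-above")
    if not cfg["max_flat"] > cfg["suppress_above"] + 1:
        errors.append("max-flat must be greater than suppress-above plus 1")
    if not cfg["unreachable_decay"] >= cfg["reachable_decay"]:
        errors.append("unreachable-decay must be >= reachable-decay")
    return errors

def simulate(events, cfg=DEFAULTS, until=None):
    """events: time-ordered (seconds, 'down' | 'up') pairs for one route.
    Returns (seconds, metric, suppressed) after each event and at `until`."""
    metric, reachable, suppressed, last = 0.0, True, False, 0
    steps = list(events) + ([(until, "check")] if until is not None else [])
    timeline = []
    for t, kind in steps:
        # Half-life decay since the previous step, at the rate for the state held.
        half_life = cfg["reachable_decay"] if reachable else cfg["unreachable_decay"]
        metric *= 0.5 ** ((t - last) / half_life)
        if kind == "down":  # each loss of reachability adds 1, capped at max-flat
            metric, reachable = min(metric + 1, cfg["max_flat"]), False
        elif kind == "up":
            reachable = True
        # Assumption: thresholds are strict (">" suppresses, "<" releases).
        if metric > cfg["suppress_above"]:
            suppressed = True
        elif suppressed and reachable and metric < cfg["reuse_below"]:
            suppressed = False
        timeline.append((t, round(metric, 3), suppressed))
        last = t
    return timeline

def reuse_delay(metric, cfg=DEFAULTS):
    """Seconds a reachable, suppressed route needs to decay to reuse-below."""
    if metric <= cfg["reuse_below"]:
        return 0.0
    return cfg["reachable_decay"] * math.log2(metric / cfg["reuse_below"])

# Constructed input: one prefix flapping every 10 seconds, four times.
FLAPS = [(0, "down"), (10, "up"), (20, "down"), (30, "up"),
         (40, "down"), (50, "up"), (60, "down"), (70, "up")]

if __name__ == "__main__":
    for row in simulate(FLAPS, until=400):
        print(row)
```

With the defaults, the fourth flap within 60 seconds pushes the metric past 3, and the route then needs roughly 277 seconds of stability before it is announced again.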
Use the following commands to configure internal BGP sessions, that is, between routers within the same autonomous system.
set bgp internal
<on | off>
description text
med <0-65535>
med default
outdelay <0-65535>
outdelay off
nexthop-self <on | off>
local-address ip_address <on | off>
interface [all | if_name] <on | off>
protocol [all | bgp_internal_protocol] <on | off>
graceful-restart-helper <on | off>
graceful-restart-helper-stalepath-time seconds
route-refresh <on | off>
set bgp internal peer <ip_address>
peer_type <on | off>
weight <0-65535>
weight off
no-aggregator id <on | off>
holdtime <6-65535>
holdtime default
keepalive <2-21845>
keepalive default
ignore-first-ashop <on | off>
send-keepalives <on | off>
send-route-refresh [request | route-update] [ipv4|ipv6|All] [unicast]
accept-routes all
accept-routes none
passive-tcp <on | off>
authtype none
authtype md5 secret secret
throttle-count <0-65535>
throttle count off
log-state-transitions <on | off>
log-warnings <on | off>
trace bgp_traceoption <on | off>
Parameter |
Description |
---|---|
|
Enable or disable an internal BGP group. |
|
Optional: A brief text description of the group. |
|
|
|
|
|
The amount of time in seconds that a route must be present in the Default: 0 |
|
Disables outdelay. |
|
This router sends one of its own IP addresses as the BGP next hop. Default: off |
|
The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be For other types of peers, a peer session is maintained when any interface with the specified local address is operating. In either case, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address. Note: If running BGP in a cluster you must not configure the local address. Default: Off |
|
Enable or disable the specified internal peer group on all interfaces or a specific interface. |
|
Enable or disable all internal routing protocols on the specified internal peer group or specific internal protocols. You can enter the following specific internal protocols: |
|
An internal peer address and peer type. Enter |
|
The weight associated with the specified peer. BGP implicitly stores any rejected routes by not mentioning them in a route filter. BGP explicitly mentions them within the routing table by using a restrict keyword with a negative weight. A negative weight prevents a route from becoming active, which prevents it from being installed in the forwarding table or exported to other protocols. This eliminates the need to break and reestablish a session upon reconfiguration if import route policy is changed. |
|
Disables the weight associated with the specified peer. |
|
The router’s aggregate attribute as zero (rather than the router ID value). This option prevents different routers in an AS from creating aggregate routes with different AS paths. Default: off |
|
The BGP holdtime interval, in seconds, when negotiating a connection with the specified peer. If the BGP speaker does not receive a keepalive update or notification message from its peer within the period specified in the holdtime field of the BGP open message, the BGP connection is closed. |
|
A holdtime of 180 seconds. |
|
The keepalive option is an alternative way to specify a holdtime value in seconds when negotiating a connection with the specified peer. You can use the keepalive interval instead of the holdtime interval. You can also use both intervals, but the holdtime value must be 3 times the keepalive interval value. |
|
A keepalive interval of 60 seconds. |
|
Ignore the first autonomous system number in the autonomous system path for routes learned from the corresponding peer. Set this option only if you are peering with a route server in transparent mode, that is, when the route server is configured to redistribute routes from multiple other autonomous systems without prepending its own autonomous system number. |
|
This router always sends keepalive messages even when an update message is sufficient. This option allows interoperability with routers that do not strictly adhere to protocol specifications regarding update. |
|
The router dynamically requests BGP route updates from peers or responds to requests for BGP route updates. |
|
An inbound BGP policy route if one is not already configured. Enter |
|
An inbound BGP policy route if one is not already configured. Enter |
|
The router waits for the specified peer to issue an open message. No TCP connections are initiated by the router. Default: off |
|
Do not use an authentication scheme between peers. Using an authentication scheme guarantees that routing information is accepted only from trusted peers. |
|
Use MD5 authentication between peers. In general, peers must agree on the authentication configuration to form peer adjacencies. Using an authentication scheme guarantees that routing information is accepted only from trusted peers. Note - TCP MD5 is not supported on BGP IPv6 peers. |
|
The number of BGP updates to send at one time. The throttle count option limits the number of BGP updates when there are many BGP peers. |
|
Disables the throttle count option. |
|
The router generates a log message whenever a peer enters or leaves the established state. |
|
The router generates a log message whenever a warning scenario is encountered in the codepath. |
|
Tracing options for the BGP implementation. Log messages are saved in the |
|
Whether the Check Point system should maintain the forwarding state advertised by peer routers even when they restart to minimize the negative effects caused by peer routers restarting. |
|
The maximal amount of time that routes previously received from a restarting router are kept so that they can be revalidated. The timer is started after the peer sends an indication that it has recovered. |
|
Re-learns routes previously sent by the BGP peer or refreshes the routing table of the peer. The peer responds to the message with the current routing table. Similarly, if a peer sends a route refresh request the current routing table is re-sent. A user can also trigger a route update without having to wait for a route refresh request from the peer. |
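An added example (not part of the Check Point documentation) that audits internal peer settings for three points made in the table above: peers without MD5 authentication, MD5 configured on an IPv6 peer, and a holdtime that is not 3 times the keepalive. It assumes the configuration is available as one `set bgp internal peer` line per option in the syntax shown above; the sample lines, addresses and function names are constructed, and a peer with no authtype line is assumed to run without authentication.

```python
import ipaddress
import re

# Constructed sample: one option per line, documentation address ranges.
SAMPLE = """\
set bgp internal on
set bgp internal peer 192.0.2.2 authtype md5 secret EXAMPLE-SECRET
set bgp internal peer 192.0.2.2 holdtime 180
set bgp internal peer 192.0.2.2 keepalive 60
set bgp internal peer 192.0.2.3 authtype none
set bgp internal peer 192.0.2.3 holdtime 90
set bgp internal peer 192.0.2.3 keepalive 60
set bgp internal peer 192.0.2.5 holdtime default
set bgp internal peer 192.0.2.5 keepalive 30
set bgp internal peer 2001:db8::4 authtype md5 secret EXAMPLE-SECRET
"""

PEER_LINE = re.compile(r"^set bgp internal peer (\S+) (\S+)\s*(.*)$")
DEFAULT_SECONDS = {"holdtime": 180, "keepalive": 60}  # defaults from the table

def seconds(opts, name):
    """Return the configured timer, resolving the keyword 'default'."""
    value = opts[name][0]
    return DEFAULT_SECONDS[name] if value == "default" else int(value)

def audit(config_text):
    """Return (peer, finding) pairs for the internal peers in config_text."""
    peers = {}
    for line in config_text.splitlines():
        m = PEER_LINE.match(line.strip())
        if m:
            peers.setdefault(m.group(1), {})[m.group(2)] = m.group(3).split()
    findings = []
    for addr, opts in sorted(peers.items()):
        # Assumption: a peer with no authtype line runs without authentication.
        auth = opts.get("authtype", ["none"])[0]
        if auth != "md5":
            findings.append((addr, "no peer authentication"))
        elif ipaddress.ip_address(addr).version == 6:
            findings.append((addr, "md5 set on IPv6 peer, where TCP MD5 is unsupported"))
        if "holdtime" in opts and "keepalive" in opts:
            if seconds(opts, "holdtime") != 3 * seconds(opts, "keepalive"):
                findings.append((addr, "holdtime is not 3 times keepalive"))
    return findings

if __name__ == "__main__":
    for peer, finding in audit(SAMPLE):
        print(f"{peer}: {finding}")
```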
Use the following command to configure BGP communities. A BGP community is a group of destinations that share the same property. However, a community is not restricted to one network or autonomous system. Use communities to simplify the BGP inbound and route redistribution policies. Use the BGP communities commands together with inbound policy and route redistribution.
set bgp communities <on | off>
Parameter | Description
---|---
<on \| off> | Enable or disable BGP policy options based on communities.
Use these commands to monitor and troubleshoot your BGP implementation:
show bgp
groups
memory
errors
paths
stats
peer <ip_address> {advertise | detailed | received}
peers {advertise | detailed | established | received}
summary
show ipv6 route bgp {aspath | communities | detailed | metrics | suppressed}