Configuring BGP - Gaia Portal

This section gives per-field help for the fields in the Advanced Routing > BGP section of the Gaia Portal.

Note - Not all fields are shown in all cases.

To configure BGP:

  1. Click the Network Management > Network Interfaces page.
  2. Configure Ethernet Interfaces and assign an IP address to the interface.
  3. Click the Advanced Routing > BGP page.
  4. Define BGP Global settings, including the Router ID.
  5. Optional: Configure Peer Groups.
  6. Optional: Define Miscellaneous Settings.

Configuring BGP Global Settings

Parameter

Description

Router ID

The Router ID uniquely identifies the router in the autonomous system. The BGP and OSPF protocols use the router ID.

Best Practice - Set the router ID rather than relying on the default setting. This prevents changes in the router ID if the interface used for the router ID goes down. Use an address on a loopback interface that is not the loopback address (127.0.0.1).

Note - In a cluster, you must select a router ID and make sure that it is the same on all cluster members.

  • Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255]). Do not use 0.0.0.0.
  • Default: The interface address of one of the local interfaces.

Cluster ID for Route Reflectors

The cluster ID used for route reflection. The default cluster ID is the router ID. You must override this default value if the cluster contains more than one route reflector.

Typically, a single router acts as the reflector for a set, or cluster, of clients. However, for redundancy two or more routers can also be configured as reflectors for the same cluster. In this case, you must select a cluster ID to identify all reflectors serving the cluster.

Gratuitous use of multiple redundant reflectors is not advised, because it can increase the memory required to store routes on the peers of the redundant reflectors.

  • Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255])
  • Default: Router ID

Local Autonomous System Number

The local autonomous system number of the router.

Change Local System Identification

Parameter

Description

Unconfigured

 

Local Autonomous System Number

The local autonomous system number of the router. This setting is mutually exclusive with the Confederation and Routing Domain Identifier. The router can be configured with either the autonomous system number or the member of confederation, not both.

Caution: When you change the autonomous system number, all current peer sessions are reset and all BGP routes are deleted.

  • Range: 1-65535
  • Default: No default

Confederation

The identifier for the entire confederation system. This identifier is used as the AS in external BGP sessions. To the outside world, the confederation ID is the AS number of the single, large AS. For this reason, the confederation ID must be a globally unique, normally assigned AS number.

  • Range: 1-65535
  • Default: No default

Number of loops permitted in AS_PATH

For the confederation: The number of times the local autonomous system can appear in an AS path for BGP-learned routes. If the number of times the local autonomous system appears in an AS path is more than the number in this field, the corresponding routes are discarded or rejected.

  • Range: 1-10
  • Default: 1

Routing Domain Identifier

The routing domain identifier (RDI) of this router. This value is required only if BGP confederations are in use. The RDI does not have to be globally unique since it is never used outside the domain of the confederation system. However, the configured RDI must be unique within the confederation. The routing-domain identifier and autonomous system number are mutually exclusive values; that is, the router can be configured with either the autonomous system number or the member of confederation, not both. If confederations are in use, the RDI is used wherever the autonomous system would be used to communicate with peers within the confederation, including group-type confederation peers and the various internal-type peers. For correct operation of the router in confederations you must configure both the routing-domain identifier and the confederation.

  • Range: 1-65535
  • Default: No default

Number of loops permitted in AS_PATH

For the routing domain identifier: The number of times the local autonomous system can appear in an AS path for BGP-learned routes. If the number of times the local autonomous system appears in an AS path is more than the number in this field, the corresponding routes are discarded or rejected.

  • Range: 1-10
  • Default: 1

Configuring BGP Miscellaneous Settings

Parameter

Description

Default MED

Defines the metric (MED) used when advertising routes through BGP. If you do not specify a value, no metric is propagated. A metric specified on the neighbor configuration or in the redistribution configuration might override the metric you configure.

  • Range: 0-65535
  • Default: None

Default Gateway

A default route is generated when any BGP peer is up. This route has a higher rank than the default configured in the static routing page. If a specific BGP peer should not be considered for generating the default route, you should explicitly suppress the option in the peer-specific configuration.

  • Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255])
  • Default: None

Enable IGP Synchronization

Select this option to make internal and configured BGP peers check for a matching route from IGP protocols before installing a given route.

  • Default: Unselected

Enable communities

Enables communities-based policy options.

  • Default: Unselected

Enable ECMP

Enables Equal-Cost Multi-Path (ECMP) routing strategy.

ECMP is a load-balancing routing strategy. The BGP RFC does not support ECMP routes because BGP clearly sets the route selection criteria. To overcome this issue and install ECMP route through a BGP user, enable the ECMP option.

Note - BGP ECMP is not supported for routes that are received by a mix of IBGP and EBGP.

  • Default: Unselected

Graceful Restart Time

Specifies the time (in seconds) that BGP peers of this router should keep the routes advertised to them while this router restarts. If the BGP session is not re-established within this time, the peers will delete the routes. If this router re-establishes the session(s) with its peer(s) before this timer expires, the peers will schedule the stale-path-timer to re-validate the routes advertised by this router.

See sk100499.

  • Range: 1-4095
  • Default: 360

Graceful Restart Selection Deferral Time

Specifies the time (in seconds) that this router will wait for the End-of-RIB notification from each of its BGP peers after a restart. After a restart or cluster failover, the cluster master has to re-validate the routes it had previously received from each of the BGP peers. The old routes will be kept till either all the peers have sent the End-of-RIB or this timer expires. Any routes not re-validated are deleted.

See sk100499.

  • Range: 60-4095
  • Default: 360

Enable Weighted Route Dampening

See the next section Weighted Route Dampening Settings.

  • Default: Unselected

Ping interval

Specifies the interval between pings sent to all BGP peers with ping enabled.

  • Range: 1-60
  • Default: 2

Ping Count

Specifies the number of failed pings to an individual BGP peer with ping enabled before BGP will drop that peer. This value is common across all BGP peers.

  • Range: 1-10
  • Default: 3

Weighted Route Dampening Settings

Parameter

Description

Enable Weighted Route Dampening

Weighted route dampening minimizes the propagation of flapping routes across an internetwork. A route is considered to be flapping when it is repeatedly transitioning from available to unavailable or vice versa. Only routes learned through BGP are subjected to weighted route dampening.

Note: BGP route dampening is only supported for External BGP (EBGP).

When this option is selected, the other Route Dampening fields show.

Reuse-below metric

The value of the instability metric at which a suppressed route becomes unsuppressed if it is reachable but currently suppressed. The value assigned to the reuse-below metric must be less than the suppress-above value.

  • Range: 1-32
  • Default: 2

Suppress-above metric

The value of the instability metric at which a route is suppressed; a route is not installed in the FIB or announced even if it is reachable during the period that it is suppressed.

  • Range: 2-32
  • Default: 3

Max-flap metric

The upper limit of the instability. The value must be higher than one plus the suppress-above value. The metric assigned to the suppress-above, reuse-below, and max-flap metric values is a floating point number, in units of flaps. Each time a route becomes unreachable, one is added to the current instability metric.

  • Range: 3-64
  • Default: 16

Reachable decay time

A value that determines the length of time it takes for the instability metric value to reach one half of its current value when the route is reachable. This half-life value determines the rate at which the metric value is decayed. A smaller half-life value makes a suppressed route reusable sooner than a larger value.

  • Range: 1-900
  • Default: 300

Unreachable decay time

The rate at which the instability metric is decayed when a route is unreachable. This value must be equal to or greater than the reach-decay value.

  • Range: 1-2700
  • Default: 900

Keep history time

The period over which the route flapping history is maintained for a given route. The size of the configuration arrays described below is directly affected by this value.

  • Range: 2-5400
  • Default: 1800
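
The interaction of these metrics is easier to see when replayed over a flapping route. The following is an added example, not Check Point code: it models the instability metric as described in the table (one flap added per transition to unreachable, half-life decay, cap at max-flap) with the listed defaults. It assumes the decay times are in seconds and that suppression starts strictly above the suppress-above value; the flap pattern is constructed.

```python
import math
from typing import NamedTuple


class DampeningConfig(NamedTuple):
    # Defaults are the ones listed in the table above.
    reuse_below: float = 2.0
    suppress_above: float = 3.0
    max_flap: float = 16.0
    reach_decay: float = 300.0    # half-life while reachable (seconds assumed)
    unreach_decay: float = 900.0  # half-life while unreachable (seconds assumed)

    def validate(self):
        """Return violations of the cross-field constraints stated in the table."""
        errors = []
        if not self.reuse_below < self.suppress_above:
            errors.append("reuse-below must be less than suppress-above")
        if not self.max_flap > self.suppress_above + 1:
            errors.append("max-flap must be higher than suppress-above + 1")
        if not self.unreach_decay >= self.reach_decay:
            errors.append("unreachable decay must be >= reachable decay")
        return errors


def decay(metric, elapsed, half_life):
    """Exponential decay: the metric halves every half_life seconds."""
    return metric * 0.5 ** (elapsed / half_life)


def simulate(cfg, events):
    """Replay (time, 'down' | 'up') events for one route.

    Returns one (time, metric, suppressed) tuple per event.
    """
    metric, reachable, suppressed, last = 0.0, True, False, 0.0
    timeline = []
    for t, kind in events:
        # Decay since the previous event, using the half-life for the state
        # the route was in during that interval.
        half_life = cfg.reach_decay if reachable else cfg.unreach_decay
        metric = decay(metric, t - last, half_life)
        last = t
        if kind == "down":
            # Each transition to unreachable adds one flap, capped at max-flap.
            metric = min(metric + 1.0, cfg.max_flap)
            reachable = False
        else:
            reachable = True
        if metric > cfg.suppress_above:          # assumption: strictly above
            suppressed = True
        elif suppressed and reachable and metric < cfg.reuse_below:
            suppressed = False
        timeline.append((t, round(metric, 3), suppressed))
    return timeline


def seconds_until_reuse(cfg, metric):
    """Time for a reachable route's metric to decay down to reuse-below."""
    if metric <= cfg.reuse_below:
        return 0.0
    return cfg.reach_decay * math.log2(metric / cfg.reuse_below)


# Constructed flap pattern: the route goes down every 20 s and recovers 10 s later.
FLAPS = [(0, "down"), (10, "up"), (20, "down"), (30, "up"),
         (40, "down"), (50, "up"), (60, "down"), (70, "up")]

if __name__ == "__main__":
    cfg = DampeningConfig()
    for t, metric, suppressed in simulate(cfg, FLAPS):
        print(f"t={t:>3}s metric={metric:<6} suppressed={suppressed}")
    print("wait from max-flap:", seconds_until_reuse(cfg, cfg.max_flap), "s")
```

With the defaults, the fourth flap pushes the route into suppression, and the max-flap cap bounds the wait for a reachable route to three reachable half-lives.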

Configuring BGP AS Peer Group Settings

Parameter

Description

Peer AS Number

The autonomous system number of the external peer group. Enter an integer from 1-65535.

Peer Group Type

One of these:

  • Unconfigured
  • Local Autonomous System Number
  • Confederation

Description

A free-text description of the peer group.

Local address

The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be on an interface that is shared with the peer or with the peer's gateway, when the gateway parameter is used. A session with an external peer opens only when an interface with a local address through which you can reach the peer or gateway address directly operates.

For other types of peers, a peer session opens when an interface with the specified local address operates. In both external and other types of peers, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address.

Note - If you run BGP in a cluster, you must not configure the local address.

  • Default: None

Out Delay

The length of time in seconds that a route must be present in the routing database before it is redistributed to BGP. This value applies to all neighbors configured in this group. The default value is zero, which means that this feature is disabled. This feature dampens route fluctuations.

  • Range: 0-65535
  • Default: 0

Peer

Configure peers. Each peer inherits as defaults all parameters configured on a group. To change the values of a peer's parameters, select the peer and click Edit.

Configuring BGP Remote Peers

Parameter

Description

Peer

BGP remote peer.

Comment

A free-text description of the remote peer.

IP Reachability Detection

Configure Bidirectional Forwarding Detection (BFD) on each Security Gateway and cluster member that sends or receives BFD packets. Select one of these options:

  • Singlehop BFD - For a peer that is one hop away. The peer must be on a directly connected network. Make sure the firewall policy allows UDP port 3784 in both directions.
  • Multihop BFD - For a peer that is one or more hops away. Make sure the firewall policy allows UDP port 4784 in both directions.
  • Off

Make sure that the BFD configuration is the same on both BFD peers (both configured as multihop or singlehop).

Make sure the SmartConsole topology is correct (issues with incorrect firewall topology can cause anti-spoofing to interfere with BFD traffic).

Check Control Plane Failure

Interprets the control plane independent flag (the C bit) received from the remote BFD peer.

When these two conditions are met at the same time, the gateway keeps stale routes and does not purge them, for graceful restart purposes:

  1. The C bit received from the peer is zero.
  2. BGP graceful restart is enabled.

When the option is cleared, stale routes are purged when the peer goes down.

  • Default: Cleared

Multiprotocol Capabilities

Parameter

Description

IPv4 Unicast

Specifies if IPv4 unicast routes can be sent to and received from this peer.

  • Default: Selected

IPv6 Unicast

Specifies if IPv6 unicast routes can be sent to and received from this peer.

  • Default: Cleared

Peer Local AS

Parameter

Description

Enable Peer Local AS

The peer local ASN replaces the local ASN in the BGP session.

Peer Local AS

Peer local AS number. Lets you configure the connection to a remote peer with a Peer Local ASN, on a per-peer basis. The Peer Local ASN replaces the Local ASN in the BGP session. Only eBGP peers are supported. It is not necessary to configure the Peer Local ASN locally.

Prepend Peer Local AS on inbound updates from peer

The router adds the configured peer local ASN to the AS path of the routes received from the peer. Routes installed from that peer will contain the peer local ASN as the first entry in the AS Path.

  • Default: On

Prepend systemwide Local AS on outbound updates to peer

The router adds the local ASN to the AS Path of the routes advertised to an eBGP peer. When enabled, the local ASN is the second ASN in the AS Path of updates sent to eBGP peers. The peer local ASN is always the first ASN in the AS Path, whether or not this sub-feature is enabled.

  • Default: On

Allow peering with the Local AS

Enables the connection to the local ASN or the peer local ASN. There can be only one active connection. If you do not enable this option, it is only possible to connect to the Peer Local ASN.

The router first tries to connect to the local ASN. If the connection is created with the local ASN, the BGP runs as if the peer local ASN feature is not configured. If the connection with the local ASN fails, the router tries to connect with the peer local ASN.

Important - Do not use this feature with an AS that already has peer local AS with Dual-Peering enabled.

  • Default: Off

Local Address

Parameter

Description

Local Address

The address used on the local end of the TCP connection with the peer. For external peers that do not have multihop enabled, the local address must be on an interface that is shared with the peer or with the peer's gateway when the gateway parameter is used. A session with an external peer is opened only when an interface with a local address through which the peer or gateway address is directly reachable is operating.

For other types of peers, a peer session is maintained when any interface with the specified local address is operating. In either case, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address.

Note - If running BGP in a cluster you must not configure the local address.

  • Default: None

Weight

Parameter

Description

Weight

The default weight associated with each route accepted from this peer. This value can be overridden by the weight specified in the import policy.

  • Range: 0-65535

MED

Parameter

Description

Accept MED from External Peer

MED should be accepted from this external neighbor. MEDs are always accepted from routing-type and confederation neighbors. If this parameter is not used with an external neighbor, the MED is stripped before the update is added to the routing table. If this parameter is added or deleted and routed is reconfigured, the affected peering sessions are automatically restarted.

  • Default: Cleared

MED Sent Out

The primary metric used on all routes sent to the specified peer. This metric overrides the default metric on any route specified by the redistribute policy.

  • Range: 0-4294967294
  • Default: 4294967294

Next Hop and Time to Live

Parameter

Description

EGP Multihop

Multihop is used to set up EBGP peering connections with peers that are not directly connected. You can also use this option, which relies on an IGP to find the route to the peer, to set up peers to perform EBGP load balancing. You can refine the multihop session by configuring the TTL, that is, the number of hops to the EBGP peer. The TTL has a default value of 64.

  • Default: Cleared

Time to Live

You can use the TTL (time to live parameter) to limit the number of hops over which the EBGP multihop session is established. You can configure the TTL only if multihop is enabled.

  • Range: 1-255
  • Default: 64

Aggregator

Parameter

Description

No Aggregator ID

Select to force this router to specify the router ID in the aggregator attribute as zero, rather than the actual router ID. This option prevents different routers in an AS from creating aggregate routes with different AS paths.

  • Default: Cleared

ASPATH

Parameter

Description

ASPATH prepend count

The number of times this router adds its AS number to the AS path on EBGP external or CBGP confederation sessions. Use this setting to bias the degree of preference some downstream routers have for the routes originated by this router. Some implementations prefer to select routes with shorter AS paths. This parameter has no effect when used with IBGP peers.

  • Range: 1-25
  • Default: 1

AllowAS In Count

This feature lets the router at the receiving end override the peer's AS number with the router's AS number in the inbound AS path.

This is an inbound property whereas as-override is an outbound property.

  • Range: 0-10
  • Default: 0

AS Override

Overrides the peer's AS number with the router's AS number in the outbound AS path.

  • Default: Cleared

Private AS

Parameter

Description

Remove Private AS

Remove private AS numbers from the outgoing updates to this peer. The following conditions apply when this feature is enabled:

  • If the AS path includes both public and private AS numbers, private AS numbers will not be removed.
  • If the AS path contains the AS number of the destination peer, private AS numbers will not be removed.
  • If the AS path contains only confederations and private AS numbers, private AS numbers will be removed.
  • Default: Cleared

Timers

Parameter

Description

Keep Alive Timer

An alternative way to specify a Hold Time value, in seconds, to use when negotiating the connection with this peer. The keepalive interval equals one-third the value of the holdtime. The keepalive interval is often used instead of the holdtime value, but you can specify both values, provided the value for the holdtime is three times the keepalive interval. The value must be 0, that is, no keepalives are sent, or at least 2.

  • Range: 0, 2-21845
  • Default: 60

Hold Time

The BGP holdtime value, in seconds, to use when negotiating a connection with this peer. According to the specification, if the BGP speaker does not receive a keepalive update or notification message from its peer within the period specified by the holdtime value in the BGP Open message, the BGP connection is closed. The value must be either 0, that is, no keepalives are sent, or at least 6.

  • Range: 0, 6-65535
  • Default: 180

Needed when Peering with Route Server

Parameter

Description

Ignore First AS Hop

Select to force this router to ignore the first AS number in the AS_PATH for routes learned from the corresponding peer. Select this option only if you are peering with a route server in so-called transparent mode, that is, when the route server is configured to redistribute routes from multiple ASs without prepending its own AS number.

  • Default: Cleared

Keep Alive

Parameter

Description

Keep Alive Always

Select to force this router always to send keepalives even when an update can substitute. This setting allows interoperability with routers that do not completely adhere to the protocol specifications on this point.

  • Default: Cleared

Routes

Parameter

Description

Accept Routes Received From the Peer

Routes received from the peer are accepted if there is an inbound BGP route policy. If an inbound policy to accept the route does not exist, you can select All or None.

  • All - Specifies to accept and install routes with an invalid preference. Depending on the local BGP inbound policy the routes could become active or inactive.
  • None - Specifies to delete routes learned from a peer when no explicit local BGP inbound policy exists. This option is used to save memory overhead when many routes are rejected because there is no local policy. These routes can be relearned only by restarting the BGP session.
  • Default: All

Allows Accept TCP Sessions from Your Peer

Parameter

Description

Passive

Select to force this router to wait for the peer to issue an open. By default all explicitly configured peers are active and periodically send open messages until the peer responds. Modifying this option will reset the peer connection.

  • Default: Cleared

Authentication

Parameter

Description

Authentication type

The type of authentication scheme to use between given peers. In general peers must agree on the authentication configuration to form peer adjacencies. This feature guarantees that routing information is accepted only from trusted peers. If the Auth type selected is MD5 the Password field appears. When you enter a password, MD5 authentication is used with the given peer.

  • Options: None / MD5
  • Default: None
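
The per-peer settings above (authentication, timers, multihop TTL, route acceptance) can be reviewed together before a peer goes into production. The following is an added example, not Check Point code or a Gaia export format: the record keys, the `expected_hops` field and the peer names are hypothetical and the values are constructed. The ranges, defaults and the hold-time/keepalive relation are the ones stated on this page.

```python
# Hypothetical peer records: key names are chosen for this example only.
PEERS = [
    {"name": "edge-1", "auth_type": "None", "multihop": True, "ttl": 64,
     "expected_hops": 2, "keepalive": 30, "hold_time": 180,
     "accept_routes": "All", "inbound_policy": False},
    {"name": "edge-2", "auth_type": "MD5", "multihop": True, "ttl": 2,
     "expected_hops": 2, "keepalive": 60, "hold_time": 180,
     "accept_routes": "None", "inbound_policy": False},
]


def audit_peer(peer):
    """Return a list of (field, message) findings for one peer record."""
    findings = []

    # Authentication type: options are None / MD5, and the default is None.
    if peer.get("auth_type", "None") == "None":
        findings.append(("auth_type", "no authentication configured"))

    # Timers: 0 disables keepalives; otherwise the page's minimums apply,
    # and the hold time must be three times the keepalive interval.
    keep = peer.get("keepalive", 60)
    hold = peer.get("hold_time", 180)
    if keep != 0 and not 2 <= keep <= 21845:
        findings.append(("keepalive", f"{keep} is outside 0, 2-21845"))
    if hold != 0 and not 6 <= hold <= 65535:
        findings.append(("hold_time", f"{hold} is outside 0, 6-65535"))
    if hold != 3 * keep:
        findings.append(("hold_time", f"{hold} is not 3 x keepalive ({keep})"))

    # TTL can be configured only with multihop; its default of 64 allows far
    # more hops than a known path length needs.
    if peer.get("multihop", False):
        ttl = peer.get("ttl", 64)
        hops = peer.get("expected_hops")  # hypothetical operator-supplied value
        if not 1 <= ttl <= 255:
            findings.append(("ttl", f"{ttl} is outside 1-255"))
        elif hops is not None and ttl > hops:
            findings.append(("ttl", f"TTL {ttl} exceeds the {hops} expected hops"))
    elif "ttl" in peer:
        findings.append(("ttl", "TTL is set but multihop is not enabled"))

    # Accept Routes = All installs routes even without an inbound policy.
    if peer.get("accept_routes", "All") == "All" and not peer.get("inbound_policy"):
        findings.append(("accept_routes", "All selected with no inbound policy"))

    return findings


def audit(peers):
    """Map each peer name to its findings."""
    return {p["name"]: audit_peer(p) for p in peers}


if __name__ == "__main__":
    for name, findings in audit(PEERS).items():
        print(name, "OK" if not findings else "")
        for field, message in findings:
            print(f"  [{field}] {message}")
```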

Limit BGP Updates Send to a Peer

Parameter

Description

Throttle count

Throttles the network traffic when there are many BGP peers. Throttle count determines the number of BGP updates sent at a time.

  • Range: 0-65535
  • Default: No default

Route Refresh

Parameter

Description

Route Refresh

Route refresh is used to either re-learn routes from the BGP peer or to refresh the routing table of the peer without tearing down the BGP session. Both peers must support the BGP route refresh capability and should have advertised this at the time peering was established.

Re-learning of routes previously sent by the peer is accomplished by sending a BGP route refresh message. The peer responds to the message with the current routing table. Similarly, if a peer sends a route refresh request the current routing table is re-sent.

You can also trigger a route update without having to wait for a route refresh request from the peer.

Both peers must support the same address and subsequent address families. For example a request for IPv6 unicast routes from a peer that did not advertise the capability during session establishment will be ignored.

Note - Clicking a Route Refresh button sends a trigger to the routing daemon. It does not change the configuration of the router.

Graceful Restart

Parameter

Description

Helper

Routes received from the peer are preserved if the peer goes down, until either the session is re-established (an OPEN message is received from the peer after it comes back up) or the graceful restart timer expires.

  • Default: Cleared

Stalepath Time

Maximal time for which routes previously received from a restarting router are kept unless they are re-validated. The timer is started after the peer sends indication that it is up again.

  • Range: 60 - 65535
  • Default: 360

Logging

Parameter

Description

Log bgp peer transitions

Select to force this router to log a message whenever a BGP peer enters or leaves the ESTABLISHED state.

  • Default: Cleared

Log warnings

Select to force this router to log a message whenever a warning scenario is encountered in the codepath.

  • Default: Cleared

Trace Options

Parameter

Description

The tracing options for BGP. The BGP implementation inherits the default values for global trace options. You can override these values on a group or neighbor basis. Log messages are saved in var/log/routed.log

All

Trace all message types.

General

Trace messages related to Route and Normal.

Keepalive

Trace all the BGP keepalive messages to this peer, which are used to verify peer reachability.

Normal

Trace normal protocol occurrences. Abnormal protocol occurrences are always traced.

Open

Trace all the BGP open messages to this peer, which are used to establish a peer relationship.

Packets

Trace all the BGP packets to this peer.

Policy

Trace application of protocol and user-specified policy to routes being imported and exported.

Route

Trace routing table changes for routes installed by this peer.

State

Trace state machine transitions in the protocol.

Task

Trace system interface and processing associated with this peer.

Timer

Trace timer usage by this peer.

Update

Trace all the BGP update messages to this peer, which are used to pass network reachability information.