Configuring Internal BGP

Syntax:

set bgp internal

      description "Text"

      graceful-restart-helper {off | on}

      graceful-restart-helper-stalepath-time seconds

      interface [{all | <Name of Interface>}] {off | on}

      local-address <IP Address> {off | on}

      med {<0-65535> | default}

      nexthop-self {off | on}

      outdelay {<0-65535> | off}

      {off | on}

      protocol [{all | <BGP Internal Protocol>}] {off | on}

      route-refresh {off | on}

set bgp internal peer <Peer IP Address>

      accept-routes {all | none}

      authtype none

      holdtime {<6-65535> | default}

      ignore-first-ashop {off | on}

      keepalive {<2-21845> | default}

      log-state-transitions {off | on}

      log-warnings {off | on}

      no-aggregator id {off | on}

      passive-tcp {off | on}

      peer_type <Peer Type> {off | on}

      send-keepalives {off | on}

      send-route-refresh {request | route-update} unicast

      throttle-count {<0-65535> | off}

      trace <BGP Trace Option> {off | on}

      weight {<0-65535> | off}

Parameters:

Parameter

Description

description "Text"

You can enter a brief text description of the group.

graceful-restart-helper {off | on}

Specifies whether the Check Point system should maintain the forwarding state advertised by peer routers even when they restart to minimize the negative effects caused by peer routers restarting.

graceful-restart-helper-stalepath-time seconds

Specifies the maximum amount of time that routes previously received from a restarting router are kept so that they can be revalidated.

The timer is started after the peer sends an indication that it has recovered.

interface [all | <Name of Interface>] {off | on}

Specifies whether to enable the specified internal peer group on all interfaces or a specific interface.

local-address <IP Address> {off | on}

The address used on the local end of the TCP connection with the peer.

For external peers that do not have multihop enabled, the local address must be on an interface that is shared with the peer or with the peer's gateway when the gateway parameter is used.

A session with an external peer is opened only when an interface with a local address through which the peer or gateway address is directly reachable is operating.

For other types of peers, a peer session is maintained when any interface with the specified local address is operating.

In either case, incoming connections are recognized as matching a configured peer only if they are addressed to the configured local address.

Default: off

Note - If you run BGP in a cluster, you must not configure the local address.

med {<0-65535> | default}

Specifies the MED value.

nexthop-self {off | on}

Specifies for this router to send one of its own IP addresses as the BGP next hop.

Default: off

{off | on}

Specifies whether to enable or disable an internal BGP group.

outdelay {<0-65535> | off}

Specifies the amount of time in seconds that a route must be present in the routing database before it is redistributed to BGP.

The configured value applies to all peers configured in this group.

This feature dampens route fluctuation.

Zero (0) means that this feature is disabled.

Default: 0

peer <Peer IP Address> accept-routes all

Specifies an inbound BGP policy route if one is not already configured.

  • all

    Accept routes and install them with an invalid preference. Depending on the local inbound route policy, these routes are then made active or inactive.

  • none

    Delete routes learned from a peer. This option saves memory overhead when many routes are rejected because no inbound policy exists.

peer <Peer IP Address> aggregator id {off | on}

Specifies the router's aggregate attribute as zero (rather than the router ID value).

This option prevents different routers in an AS from creating aggregate routes with different AS paths.

Default: off

peer <Peer IP Address> authtype none

Specifies not to use an authentication scheme between peers.

Using an authentication scheme guarantees that routing information is accepted only from trusted peers.

peer <Peer IP Address> holdtime {<6-65535> | default}

Specifies the BGP holdtime interval, in seconds, when negotiating a connection with the specified peer.

If the BGP speaker does not receive a keepalive update or notification message from its peer within the period specified in the holdtime field of the BGP open message, the BGP connection is closed.

Range: 6-65535 seconds

Default: 180 seconds

peer <Peer IP Address> ignore-first-ashop {off | on}

Specifies to ignore the first autonomous system number in the autonomous system path for routes learned from the corresponding peer.

Set this option only if you are peering with a route server in transparent mode, that is, when the route server is configured to redistribute routes from multiple other autonomous systems without prepending its own autonomous system number.

peer <Peer IP Address> keepalive {<2-21845> | default}

The keepalive option is an alternative way to specify a holdtime value in seconds when negotiating a connection with the specified peer.

You can use the keepalive interval instead of the holdtime interval.

You can also use both intervals, but the holdtime value must be 3 times the keepalive interval value.

Range: 2-21845 seconds

Default: 60 seconds

peer <Peer IP Address> log-state-transitions {off | on}

Specifies for the router to log a message whenever a peer enters or leaves the established state.

peer <Peer IP Address> log-warnings {off | on}

Specifies for the router to log a message whenever a warning scenario is encountered in the codepath.

peer <Peer IP Address> passive-tcp {off | on}

Specifies for the router to wait for the specified peer to issue an open message.

No TCP connections are initiated by the router.

Default: off

peer <Peer IP Address> peer_type <Peer Type> {off | on}

Specifies an internal peer address and peer type.

Peer types:

  • reflector-client

    Specifies that the local router acts as a route reflector for the group of peers named. That is, the local router is the route reflection server, and the named peers are route reflection clients. Normally, the routing daemon readvertises, or reflects, routes it receives from one of its clients to all other IBGP peers, including the other peers in that client's group.

  • no-client-reflector

    Specifies that a reflection client's routes are reflected only to internal BGP peers in other groups. Clients in the group are assumed to be direct IBGP peers of each other.

  • none

    Specifies not to use route reflection.

peer <Peer IP Address> send-keepalives {off | on}

Specifies for this router always to send keepalive messages even when an update message is sufficient.

This option allows interoperability with routers that do not strictly adhere to protocol specifications regarding updates.

peer <Peer IP Address> throttle-count {<0-65535> | off}

Specifies the number of BGP updates to send at one time.

The throttle count option limits the number of BGP updates when there are many BGP peers.

The value "off" disables the throttle count option.

peer <Peer IP Address> trace <BGP Trace Option> {off | on}

Specifies tracing options for your BGP implementation.

Log messages are saved in the var/log/routed/ directory.

Enter the following words to set each trace option:

  • all - to trace all the message types

  • general - to trace messages related to Route and Normal

  • keepalive - to trace all the keepalive messages to this peer

  • normal - to trace normal protocol occurrences (abnormal protocol occurrences are always traced)

  • open - to trace all the BGP open messages to this peer

  • packets - to trace all BGP packets to this peer

  • policy - to trace application of the protocol and user-specified policy to routes being imported and exported.

  • route - to trace routing table changes for routes installed by this peer

  • state - to trace state machine transitions in the protocol

  • update - to trace all the BGP update messages to this peer

peer <Peer IP Address> weight {<0-65535> | off}

Specifies the weight associated with the specified peer.

BGP implicitly stores any rejected routes by not mentioning them in a route filter.

BGP explicitly mentions them within the routing table by using a restrict keyword with a negative weight.

A negative weight prevents a route from becoming active, which prevents it from being installed in the forwarding table or exported to other protocols.

This eliminates the need to break and reestablish a session upon reconfiguration if import route policy is changed.

The value "off" disables the weight associated with the specified peer.

protocol {all | <BGP Internal Protocol>} {off | on}

Specifies whether to enable all internal routing protocols on the specified internal peer group or specific internal protocols.

You can enter one of these internal protocols:

  • direct

  • ospf

  • ospfase

  • rip

  • static

route-refresh {off | on}

Re-learns routes previously sent by the BGP peer or refreshes the routing table of the peer.

The peer responds to the message with the current routing table.

Similarly, if a peer sends a route refresh request the current routing table is re-sent.

A user can also trigger a route update without having to wait for a route refresh request from the peer.

send-route-refresh {request | route-update} unicast

Specifies that the router dynamically request BGP route updates from peers or respond to requests for BGP route updates.
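
Added example (not part of the Check Point documentation): a Python audit of "set bgp internal peer" lines that applies the holdtime and keepalive ranges, the rule that holdtime must be 3 times keepalive when both are set, and reports peers configured with authtype none. The peer addresses, the sample configuration and the function name audit are constructed for illustration; treating "default" as the documented default value is an assumption.

```python
import re

# Ranges and defaults as given in the parameter descriptions above.
RANGES = {"holdtime": (6, 65535), "keepalive": (2, 21845)}
DEFAULTS = {"holdtime": 180, "keepalive": 60}
PEER_RE = re.compile(r"^set bgp internal peer (\S+) (\S+) (\S+)")

# Constructed sample configuration (documentation-range addresses).
SAMPLE = """\
set bgp internal peer 192.0.2.10 holdtime 90
set bgp internal peer 192.0.2.10 keepalive 30
set bgp internal peer 192.0.2.11 holdtime 180
set bgp internal peer 192.0.2.11 keepalive 30
set bgp internal peer 192.0.2.11 authtype none
set bgp internal peer 192.0.2.12 keepalive 1
set bgp internal peer 192.0.2.12 log-state-transitions on
"""

def audit(config_text):
    """Return a sorted list of (peer, finding) tuples for internal BGP peers."""
    peers, findings = {}, []
    for line in config_text.splitlines():
        m = PEER_RE.match(line.strip())
        if not m:
            continue
        peer, option, value = m.groups()
        settings = peers.setdefault(peer, {})
        if option in RANGES:
            lo, hi = RANGES[option]
            if value == "default":
                # Assumption: "default" resolves to the documented default.
                settings[option] = DEFAULTS[option]
            elif value.isdigit() and lo <= int(value) <= hi:
                settings[option] = int(value)
            else:
                findings.append((peer, f"{option} {value} is outside {lo}-{hi}"))
        elif option == "authtype":
            settings["authtype"] = value
    for peer, s in peers.items():
        hold, keep = s.get("holdtime"), s.get("keepalive")
        # When both intervals are set, holdtime must be 3 times keepalive.
        if hold is not None and keep is not None and hold != 3 * keep:
            findings.append((peer, f"holdtime {hold} is not 3 x keepalive {keep}"))
        if s.get("authtype") == "none":
            findings.append((peer, "authtype none: no authentication scheme between peers"))
    return sorted(findings)

if __name__ == "__main__":
    for peer, finding in audit(SAMPLE):
        print(f"{peer}: {finding}")
```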