BGP Automated Dynamic Route Policy Update

OcNOS SP : Key Features : Improved Routing : BGP Automated Dynamic Route Policy Update

Overview

The Border Gateway Protocol (BGP) is a peer routing protocol, and route maps within BGP play an essential role in filtering and modifying routing information to ensure that only the most optimal routes are advertised. BGP route maps use a combination of prefix lists and sequence numbers, which provide precise control over which IP addresses are allowed or denied. These route maps can be applied in both inbound (Adj-RIB-In) and outbound (Adj-RIB-Out) directions for routing updates to BGP peer neighbors.

In OcNOS 6.5.x or earlier releases, route maps are not automatically applied to a BGP peer neighbor upon updates. Manually executing commands, such as clear ip bgp A.B.C.D with soft in/out, is required for each address family to apply route map changes. This manual intervention is necessary to reflect the changes in the BGP Routing Information Base (RIB).

To address this limitation, a new CLI bgp auto-policy-soft-reset enable, has been introduced. This functionality automatically applies changes to the BGP RIB when route maps or associated lists (such as prefix-list, distribute-list, as-list, access-list, community-list, extended community list, redistribution settings, and more) are applied or updated to a BGP peer neighbor. This dynamic route policy update eliminates the need for the manual execution of the clear ip bgp <> soft in/out command for various address families. This greatly simplifies network operations.

The dynamic seamless BGP route policy update introduces the following two new CLIs:

• bgp auto-policy-soft-reset enable

• debug bgp soft-clear

Note: The bgp auto-policy-soft-reset enable functionality is applicable only when apply or remove or update the following:

• route map

• prefix-list

• distribute-list

• as-list

• access-list

• community-list

Note: This functionality is not supported:

• when the peer does not support route refresh messages.

• when the peer is configured with bgp soft-reconfig-backup.

• when the router config disables auto soft reset and the administrator prefers manual resets instead.

Benefits

This feature benefits network administrators by reducing the manual effort involved in BGP route filtering and advertisement updates, improving operational efficiency, and ensuring that routing policies are applied immediately without requiring a BGP session reset in real-time propagation of routing information.

Prerequisites

Make sure the provider edge routers and BGP route reflectors have the following active configurations.

• Stable BGP session should exist between Provider edge nodes.

• Support for IPv4, IPv6, VPNv4, BGP Labeled-Unicast, VPNv6 address families on all nodes.

• Established BGP neighbor peers or peer groups are up.

• Ensure baseline BGP configurations are proper.

• Check advertised and received routes for accuracy.

Configuring BGP auto-policy-soft-reset

This procedure outlines the steps to configure the bgp auto-policy-soft-reset enable functionality, which ensures routing policy changes are applied without disrupting active BGP sessions.

Topology

The configuration uses the below topology, which involves two Provider Edge routers PE1, PE2 and an iBGP router act as a Route Reflector (RR) between PE1 and PE2.

Topology of BGP Auto Policy Soft Reset

Note: Before configuration meet all Prerequisites

Procedure

This procedure uses the following interfaces and IP addresses:

• PE1 - xe3 interface IP address 10.11.1.1/29, loopback IP - 1.1.1.1/32

• PE2 - ge14 IP address 10.12.3.2/29, loopback IP - 3.3.3.3/32

• RR - ce46/1 IP address 10.11.1.2/29, loopback IP - 11.11.11.11/32

1. Verify the base BGP configuration on PE1, PE2, and RR before enabling the bgp soft-clear CLI. Refer to the sample out shown in PE1 - Before enabling the bgp auto-policy-soft-reset CLI, RR - Before enabling the bgp auto-policy-soft-reset CLI, and PE2- Before enabling the bgp auto-policy-soft-reset CLI.

2. Verify the interface, label-switching, IGP, LDP, existing route maps filter criteria such as prefix-list on PE1 and PE2. Here, is the sample configuration.

PE1

debug bgp soft-clear

ip vrf management

ip vrf vrf221

rd 221:1

route-target both 221:1

router ldp

session-protection

targeted-peer ipv4 3.3.3.3

exit-targeted-peer-mode

transport-address ipv4 1.1.1.1

interface lo

ip address 127.0.0.1/8

ip address 1.1.1.1/32 secondary

ipv6 address ::1/128

interface xe3

description connected-to-RR

load-interval 30

ip address 10.11.1.1/29

ipv6 address 3001::2/64

mtu 9216

label-switching

ipv6 router ospf area 0.0.0.0 instance-id 0

enable-ldp ipv4

router ospf 100

ospf router-id 1.1.1.1

network 1.1.1.1/32 area 0.0.0.0

network 10.2.1.0/29 area 0.0.0.0

network 10.11.1.0/29 area 0.0.0.0

router ipv6 ospf

router-id 1.1.1.1

PE2

debug bgp soft-clear

ip vrf vrf221

rd 221:1

route-target both 221:1

router ldp

auto-targeted-session

session-protection

transport-address ipv4 3.3.3.3

interface lo

ip address 127.0.0.1/8

ip address 3.3.3.3/32 secondary

ipv6 address ::1/128

interface ge14

description connected-to-RR

load-interval 30

ip address 10.12.3.2/29

ipv6 address 6001::3/64

mtu 9216

label-switching

ipv6 router ospf area 0.0.0.0 instance-id 0

enable-ldp ipv4

router ospf 100

network 3.3.3.3/32 area 0.0.0.0

network 10.12.3.0/29 area 0.0.0.0

network 10.12.4.0/29 area 0.0.0.0

router ipv6 ospf

router-id 3.3.3.3

debug bgp soft-clear

ip vrf management

router ldp

interface ce46/1

description connected-to-PE1

load-interval 30

ip address 10.11.1.2/29

ipv6 address 3001::3/64

mtu 9216

label-switching

ipv6 router ospf area 0.0.0.0 instance-id 0

enable-ldp ipv4

interface lo

ip address 127.0.0.1/8

ip address 11.11.11.11/32 secondary

ipv6 address ::1/128

interface xe3

description connected-to-PE2

speed 1g

load-interval 30

ip address 10.12.3.3/29

ipv6 address 6001::2/64

mtu 9216

label-switching

ipv6 router ospf area 0.0.0.0 instance-id 0

enable-ldp ipv4

exit

router ospf 100

ospf router-id 11.11.11.11

network 10.11.1.0/29 area 0.0.0.0

network 10.11.12.0/29 area 0.0.0.0

network 10.12.3.0/29 area 0.0.0.0

network 11.11.11.11/32 area 0.0.0.0

router ipv6 ospf

router-id 11.11.11.11

3. Enable bgp auto-policy-soft-reset on PE1, PE2, and RR. Here, is the sample configuration.

PE1

router bgp 100

bgp router-id 1.1.1.1

bgp auto-policy-soft-reset enable

PE2

router bgp 100

bgp router-id 3.3.3.3

bgp auto-policy-soft-reset enable

router bgp 100

bgp router-id 11.11.11.11

bgp auto-policy-soft-reset enable

no bgp inbound-route-filter

neighbor peer_group1 peer-group

neighbor peer_group1 remote-as 100

neighbor peer_group1 update-source lo

neighbor peer_group1 advertisement-interval 0

neighbor 1.1.1.1 peer-group peer_group1

neighbor 3.3.3.3 peer-group peer_group1

4. Add a route map policy on PE1. For example, configure route map to allow or deny additional prefixes and change the attributes values.

ip prefix-list prefix1

seq 5 permit 31.0.1.0/24

route-map rm_pe1 permit 1

match ip address prefix-list prefix1

set metric 200

set weight 200

set local-preference 200

set community 100:101

5. Add a route map policy on PE2. For example, configure route map to allow or deny additional prefixes and change the attributes values.

ip community-list standard Community1 permit 100:101

route-map rm_pe2 permit 1

match community Community1

set community 100:102

6. Attach the updated route map filter to BGP peers on PE1 and PE2. For example, on PE1, attach the route map to filter specific routes on outgoing routes using “neighbor 11.11.11.11 route-map rm-pe1 out” command towards PE2 under address family vpnv4 unicast. On, PE2, attach it to filter specific routes on incoming routes using “neighbor 11.11.11.11 route-map rm-pe2 in” command under address family vpnv4 unicast.

PE1

router bgp 100

bgp router-id 1.1.1.1

address-family vpnv4 unicast

neighbor 11.11.11.11 activate

neighbor 11.11.11.11 route-map rm_pe1 out

exit-address-family

PE2

router bgp 100

bgp router-id 3.3.3.3

address-family vpnv4 unicast

neighbor 11.11.11.11 activate

neighbor 11.11.11.11 route-map rm_pe2 in

exit-address-family

7. Verify the advertised and received routes to ensure the policy changes have taken effect on PE1, PE2 and RR. Refer to the sample out shown in PE2 - After enabling the bgp auto-policy-soft-reset.

Validation

PE1 - Before enabling the bgp auto-policy-soft-reset CLI

The following show output displays the active BGP configuration PE1

PE1#show running-config bgp

router bgp 100

bgp router-id 1.1.1.1

neighbor 11.11.11.11 remote-as 100

neighbor 11.11.11.11 update-source lo

neighbor 11.11.11.11 advertisement-interval 0

address-family ipv4 unicast

network 1.1.1.1/32

exit-address-family

address-family ipv4 labeled-unicast

neighbor 11.11.11.11 activate

exit-address-family

address-family vpnv4 unicast

neighbor 11.11.11.11 activate

exit-address-family

address-family vpnv6 unicast

neighbor 11.11.11.11 activate

exit-address-family

address-family ipv6 unicast

neighbor 11.11.11.11 activate

exit-address-family

address-family ipv4 vrf vrf221

redistribute connected

redistribute ospf

neighbor 101.1.1.10 remote-as 200

neighbor 101.1.1.10 activate

exit-address-family

address-family ipv6 vrf vrf221

redistribute connected

exit-address-family

exit

PE1#

PE1#show ip bgp labeled-unicast summary

BGP router identifier 1.1.1.1, local AS number 100

BGP table version is 1

2 BGP AS-PATH entries

0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd Desc

11.11.11.11 4 100 49 36 1 0 0 00:11:55 0

Total number of neighbors 1

Total number of Established sessions 1

PE1#

PE1#show ip bgp vpnv4 vrf vrf221

Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal, l - labeled

S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 221:1 (Default for VRF vrf221)

*> l 31.0.0.0/24 101.1.1.10 0 100 0 200 i

*> l 31.0.1.0/24 101.1.1.10 0 100 0 200 i

*> l 31.0.2.0/24 101.1.1.10 0 100 0 200 i

*> l 33.0.0.0/24 101.1.1.10 0 100 0 200 i

*> l 33.0.1.0/24 101.1.1.10 0 100 0 200 i

*> l 33.0.2.0/24 101.1.1.10 0 100 0 200 i

*>il 33.0.3.0/24 3.3.3.3 0 100 0 200 i

*>il 33.0.4.0/24 3.3.3.3 0 100 0 200 i

*> l 101.1.1.0/24 0.0.0.0 0 100 32768 ?

*>il 151.1.1.0/24 3.3.3.3 0 100 0 ?

Announced routes count = 7

Accepted routes count = 3

PE1#

PE1#show ip bgp vpnv4 vrf vrf221 31.0.1.0

Route Distinguisher: 221:1 (Default for VRF vrf221) Routing Entry for prefix: 31.0.1.0/24

Advertised to non peer-group peers:

11.11.11.11 11.11.11.11

AS path:200

Path Selection reason: Nothing left to compare

Nexthop:101.1.1.10 (IGP metric 0) from 101.1.1.10 (Remote Id:192.0.4.53) Peer nexthop: 101.1.1.10

Origin IGP, metric 0, localpref 100, Out-label 0, In-label 24384, refcnt: 1

valid, external, best, source-safi: 1

Extended Community: RT:221:1

rx path_id: -1 tx path_id: -1

Add-Path Announcement: Not advertised to any peer

Last update: Fri Dec 6 18:11:29 2024, 00:12:28 ago

RR - Before enabling the bgp auto-policy-soft-reset CLI

The following show output displays the active BGP configuration on RR b

RR#show running-config bgp

router bgp 100

bgp router-id 11.11.11.11

bgp auto-policy-soft-reset enable

no bgp inbound-route-filter

neighbor peer_group1 peer-group

neighbor peer_group1 remote-as 100

neighbor peer_group1 update-source lo

neighbor peer_group1 advertisement-interval 0

neighbor 1.1.1.1 peer-group peer_group1

neighbor 3.3.3.3 peer-group peer_group1

address-family ipv4 unicast

network 11.11.11.11/32

exit-address-family

address-family ipv4 labeled-unicast

neighbor peer_group1 activate

neighbor peer_group1 route-reflector-client

exit-address-family

address-family vpnv4 unicast

neighbor peer_group1 activate

neighbor peer_group1 route-reflector-client

exit-address-family

address-family vpnv6 unicast

neighbor peer_group1 activate

neighbor peer_group1 route-reflector-client

exit-address-family

address-family ipv6 unicast

neighbor peer_group1 activate

neighbor peer_group1 route-reflector-client

exit-address-family

exit

RR#

RR#show ip bgp labeled-unicast summary

BGP router identifier 11.11.11.11, local AS number 100

BGP table version is 1

2 BGP AS-PATH entries

0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd Desc

1.1.1.1 4 100 124 142 1 0 0 00:09:33 0

3.3.3.3 4 100 140 131 1 0 0 00:01:14 0

Total number of neighbors 2

Total number of Established sessions 2

RR#

RR#show ip bgp vpnv4 all summary

BGP router identifier 11.11.11.11, local AS number 100

BGP table version is 14

2 BGP AS-PATH entries

0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd Desc

1.1.1.1 4 100 124 142 14 0 0 00:09:47 7

3.3.3.3 4 100 140 131 14 0 0 00:01:28 3

Total number of neighbors 2

Total number of Established sessions 2

RR#

PE2- Before enabling the bgp auto-policy-soft-reset CLI

The following show output displays the active BGP configuration on PE2.

PE2#

PE2#show running bgp

router bgp 100

bgp router-id 3.3.3.3

bgp auto-policy-soft-reset enable

neighbor 11.11.11.11 remote-as 100

neighbor 11.11.11.11 update-source lo

neighbor 11.11.11.11 advertisement-interval 0

address-family ipv4 unicast

network 3.3.3.3/32

exit-address-family

address-family ipv4 labeled-unicast

neighbor 11.11.11.11 activate

exit-address-family

address-family vpnv4 unicast

neighbor 11.11.11.11 activate

neighbor 11.11.11.11 route-map rm_pe2 in

exit-address-family

address-family vpnv6 unicast

neighbor 11.11.11.11 activate

exit-address-family

address-family ipv6 unicast

exit-address-family

address-family ipv4 vrf vrf221

redistribute connected

redistribute ospf

neighbor 151.1.1.10 remote-as 200

neighbor 151.1.1.10 activate

exit-address-family

address-family ipv6 vrf vrf221

redistribute connected

exit-address-family

exit

PE2#

PE2#show ip bgp labeled-unicast summary

BGP router identifier 3.3.3.3, local AS number 100

BGP table version is 1

2 BGP AS-PATH entries

0 BGP community entries

Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd Desc

11.11.11.11 4 100 45 55 1 0 0 00:05:17 0

Total number of neighbors 1

Total number of Established sessions 1

PE2#show ip bgp vpnv4 vrf vrf221

Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal, l - labeled

S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 221:1 (Default for VRF vrf221)

*>il 31.0.0.0/24 1.1.1.1 0 100 0 200 i

*>il 31.0.1.0/24 1.1.1.1 0 100 0 200 i

*>il 31.0.2.0/24 1.1.1.1 0 100 0 200 i

*>il 33.0.0.0/24 1.1.1.1 0 100 0 200 i

*>il 33.0.1.0/24 1.1.1.1 0 100 0 200 i

*>il 33.0.2.0/24 1.1.1.1 0 100 0 200 i

*> l 33.0.3.0/24 151.1.1.10 0 100 0 200 i

*> l 33.0.4.0/24 151.1.1.10 0 100 0 200 i

*>il 101.1.1.0/24 1.1.1.1 0 100 0 ?

*> l 151.1.1.0/24 0.0.0.0 0 100 32768 ?

Announced routes count = 3

Accepted routes count = 7

PE2#

PE2#show ip bgp vpnv4 vrf vrf221 31.0.1.0

Route Distinguisher: 221:1 (Default for VRF vrf221) Routing Entry for prefix: 31.0.1.0/24

Not advertised to any peer

AS path:200

Path Selection reason: Nothing left to compare

Nexthop:1.1.1.1 (IGP metric 3) from 11.11.11.11 (Originator Id:1.1.1.1) (Remote Id:11.11.11.11) Peer nexthop: 11.11.11.11

Origin IGP, metric 0, localpref 100, Out-label 24384 valid, internal, best, source-safi: 128

Duplicated: (source VRF-ID: 0, source VRF: DEFAULT, VRF-External, imported)

Extended Community: RT:221:1

Originator: 1.1.1.1, Cluster list: 11.11.11.11

rx path_id: -1 tx path_id: -1

Add-Path Announcement: Not advertised to any peer

Last update: Fri Dec 6 18:19:48 2024, 00:05:25 ago

PE1 - After enabling the bgp auto-policy-soft-reset

Following show output displays the modified route policy.

PE1#show running-config route-map

route-map rm_pe1 permit 1

match ip address prefix-list prefix1

set metric 200

set weight 200

set local-preference 200

set community 100:101

PE1#

PE2 - After enabling the bgp auto-policy-soft-reset

The following show output displays the active BGP configuration on PE2.

PE2#show ip bgp vpnv4 vrf vrf221 31.0.1.0

Route Distinguisher: 221:1 (Default for VRF vrf221) Routing Entry for prefix: 31.0.1.0/24

Not advertised to any peer

AS path:200

Path Selection reason: Nothing left to compare

Nexthop:1.1.1.1 (IGP metric 3) from 11.11.11.11 (Originator Id:1.1.1.1) (Remote Id:11.11.11.11) Peer nexthop: 11.11.11.11

Origin IGP, metric 200, localpref 200, Out-label 24384 valid, internal, best, source-safi: 128

Duplicated: (source VRF-ID: 0, source VRF: DEFAULT, VRF-External, imported)

Community: 100:102

Extended Community: RT:221:1

Originator: 1.1.1.1, Cluster list: 11.11.11.11

rx path_id: -1 tx path_id: -1

Add-Path Announcement: Not advertised to any peer

Last update: Mon Dec 2 23:18:45 2024, 00:17:31 ago

PE2#

Implementation Examples

Following are some of the use cases where manual clearance clear ip bgp A.B.C.D soft out of route updates are necessary before applying them to a neighbor peer or peer group.

Scenario 1:

When configuring bgp additional-paths with options send|receive|send-receive|select (all | best<2-3>))or when enabling neighbor advertise additional-paths, route change occurs that needs to be updated in the neighbor peer or peer group through BGP RIB-out.

Scenario 2:

Configuring neighbor unsuppress-map leads to route changes that needs to be announced in BGP RIB-out.

Scenario 3:

Enabling neighbor allowas-in causes change in routes that needs to accepted via BGP RIB-in.

Scenario 4:

When multiple BGP address families facilitate route management between two customer edge devices (CE1 and CE2) via Route Reflector, enabling bgp auto-policy-soft-reset enable dynamically updates newly announced route map prefixes.

CLI Commands

Following are the new CLIs introduced to clear the route-map updates automatically for each BGP address-family.

bgp auto-policy-soft-reset enable

Use this command ONLY to enable BGP soft clear for address families IPv4, IPv6, VPNv4, VPNv6, labeled-unicast regarding route map, table-map, prefix-list, distribute-list, as-list, access-list or community-list updates to apply the modified routes and attributes automatically on the neighbor peer or peer group.

Use the no form of this CLI to disable the soft reset.

Note: EVPN address family is not supported.

Command Syntax

bgp auto-policy-soft-reset enable

no bgp auto-policy-soft-reset enable

Parameters

None

Default

Disabled

Command Mode

BGP Router Mode

Applicability

Introduced in OcNOS version 6.6.0.

Example

Entering the CLI enables the soft clear the route map.

OcNOS(config)#router bgp

OcNOS(config-router)#bgp auto-policy-soft-reset enable

OcNOS(config-router)#address-family vpnv4 unicast

OcNOS(config-router-af)#neighbor 50.50.50.50 prefix-list prefix-inside in

OcNOS(config-router-af)#commit

OcNOS(config-router-af)#exit

OcNOS(config-router)#commit

debug bgp soft-clear

Use this command to log the BGP auto soft clear information with timestamp for debug purpose.

Command Syntax

debug bgp soft-clear

Parameters

None

Default

Disabled

Command Mode

Configure Mode

Applicability

Introduced in OcNOS version 6.6.0.

Example

Entering the CLI enables the BGP soft clear log file.

OcNOS(config)#debug bgp soft-clear

Glossary

The following provides definitions for key terms or abbreviations and their meanings used throughout this document:

Key Terms/Acronym	Description
AS	Autonomous System
BGP	Border Gateway Protocol router
PE	Provider Edge router
RIB	Route Information Base
RR	Route-Reflector router
Route-map	Maps used for filtering RIB in/out on various use cases
Prefix list	List created on router with Network prefixes ge, le options too to indicate network address length
Access List	List created on a router with IP addresses mentioned (IPv4, IPv6) without any network address length flexibility like prefix lists.
AS List	Autonomous System path list where BGP can filter routes based on AS path it checks in the control packet
Community List	Community is a mini group inside AS, and BGP can filter these communities based on AS:NN where the first 16 bits are AS, next 16 bits a unique number with AS.