Enable Peer Groups
A BGP speaker often applies the same update policies to a set of its peers. Peer groups are useful when you have to change the update policies for all of those peers: changing the policy on each router individually can be very time-consuming, so peer groups play an important role in creating policies and assigning them to a group of routers.
The peer group can be created dynamically or statically.
For dynamic peer groups all configuration can be done at group level only.
The static peer group configuration falls into two categories:
Attributes that can be configured only at group level. An attempt to configure them at member peer level returns an error.
Attributes that allow member peer level configuration. The member peer configuration has precedence.
Category A: Neighbor configuration allowed only at peer-group level
When a peer becomes a member of a peer group, the peer group's configuration that affects outbound updates replaces the member's own configuration for the same attributes. Outbound attributes cannot be modified on group members.
The following commands are allowed at peer-group level.
neighbor WORD activate - neighbor activate
neighbor WORD as-origination-interval <1-65535> - neighbor as-origination-interval
neighbor WORD attribute-unchanged ({as-path|next-hop|med}|) - neighbor attribute-unchanged
neighbor WORD fall-over bfd - neighbor extended-optional-param
neighbor WORD fall-over bfd multihop - neighbor extended-optional-param
neighbor WORD next-hop-self - neighbor next-hop-self
neighbor WORD remove-private-AS - neighbor remove-private-AS
neighbor WORD route-reflector-client - neighbor route-reflector-client
neighbor WORD route-server-client - neighbor route-server-client
neighbor WORD send-community - neighbor send-community
neighbor WORD distribute-list WORD out - neighbor distribute-list
neighbor WORD dont-capability-negotiate - neighbor dont-capability-negotiate
neighbor WORD capability orf prefix-list (both|receive|send) - neighbor capability orf prefix-list
neighbor WORD filter-list WORD out - neighbor filter-list
neighbor WORD prefix-list WORD out - neighbor prefix-list
neighbor WORD route-map WORD out - neighbor route-map
neighbor WORD advertisement-interval <1-65535> - neighbor advertisement-interval
neighbor WORD disallow-infinite-holdtime - neighbor disallow-infinite-holdtime
neighbor WORD local-as <1-4294967295> - neighbor local-as
Category B: Neighbor configuration allowed at peer-group member level; precedence based
For the configuration below, member-level configuration takes precedence over peer-group configuration.
The following commands are also allowed at member level.
neighbor WORD authentication-key WORD - neighbor authentication-key
neighbor WORD remote-as <1-4294967295> - neighbor remote-as
neighbor WORD allowas-in <1-10> - neighbor allowas-in
neighbor WORD description WORD - neighbor description
neighbor WORD distribute-list WORD in - neighbor distribute-list
neighbor WORD ebgp-multihop - neighbor ebgp-multihop
neighbor WORD ebgp-multihop <1-255> - neighbor ebgp-multihop
neighbor WORD maximum-prefix <1-4294967295> - neighbor maximum-prefix
neighbor WORD update-source WORD - neighbor update-source
neighbor WORD weight <0-65535> - neighbor weight
neighbor WORD shutdown - neighbor shutdown
neighbor WORD strict-capability-match - neighbor strict-capability-match
neighbor WORD route-map WORD in - neighbor route-map
neighbor WORD prefix-list WORD in - neighbor prefix-list
neighbor WORD passive - neighbor passive
neighbor WORD override-capability - neighbor override-capability
neighbor WORD filter-list WORD in - neighbor filter-list
neighbor WORD enforce-multihop - neighbor enforce-multihop
neighbor WORD collide-established - neighbor collide-established
BGP Peer Groups for Address-Family IPv4 Unicast
In the following scenario, R1, R2, and R3 belong to the same peer group ABC. R1, R2, and R3 are in AS 200 and R1 is the route reflector. R4 and R1 are eBGP peers. R4 is in AS 100.
Topology
Figure 1-17: BGP Peer Groups with IPv4 Unicast Members
R1
 
#configure terminal
Enter configure mode.
(config)#router bgp 200
Define the routing process. The number 200 specifies the AS number of R2.
(config-router)#neighbor ABC peer-group
Configuring ABC peer-group
(config-router)#neighbor ABC remote-as 200
Assign options to the peer group named ABC.
(config-router)#neighbor 2.2.2.2 peer-group ABC
Define neighbor 2.2.2.2 (R2) as a peer group member.
(config-router)#neighbor 3.3.3.3 peer-group ABC
Define neighbor 3.3.3.3 (R3) as a peer group member.
(config-router)#neighbor 4.4.4.4 remote-as 100
Define neighbor 4.4.4.4 (R4). 4.4.4.4 is the IP address of R4 and 100 is the AS number.
(config-router)#address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)# neighbor ABC activate
Activate neighbor under address family mode
(config-router-af)# neighbor 4.4.4.4 activate
Activate neighbor under address family mode
(config-router-af)# neighbor ABC route-reflector-client
Configure the peer-group ABC to be route-reflector-client
(config-router-af)#network 1.1.1.1/32
Advertise the network 1.1.1.1/32
(config-router-af)#network 11.11.11.11/32
Advertise the network 11.11.11.11/32
(config-router-af)#exit-address-family
Exit address family mode
(config-router)#commit
Commit the candidate configuration to the running configuration.
R2
 
#configure terminal
Enter configure mode.
(config)#router bgp 200
Define the routing process. The number 200 specifies the AS number of R2.
(config-router)#neighbor 2.2.2.1 remote-as 200
Create a TCP connection with neighbor 2.2.2.1 of AS 200.
(config-router)#address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)# neighbor 2.2.2.1 activate
Activate neighbor under address family mode
(config-router-af)#exit-address-family
Exit address family mode
(config-router)#commit
Commit the candidate configuration to the running configuration.
R3
 
#configure terminal
Enter configure mode.
(config)#router bgp 200
Define the routing process. The number 200 specifies the AS number of R3.
(config-router)#neighbor 3.3.3.1 remote-as 200
Create a TCP connection with neighbor 3.3.3.1 of AS 200.
(config-router)#address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)# neighbor 3.3.3.1 activate
Activate neighbor under address family mode
(config-router-af)#exit-address-family
Exit address family mode
(config-router)#commit
Commit the candidate configuration to the running configuration.
R4
 
#configure terminal
Enter configure mode.
(config)#router bgp 100
Define the routing process. The number 100 specifies the AS number of R4.
(config-router)#neighbor 4.4.4.1 remote-as 200
Create a TCP connection with neighbor 4.4.4.1 of AS 200.
(config-router)#address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)# neighbor 4.4.4.1 activate
Activate neighbor under address family mode
(config-router-af)#exit-address-family
Exit address family mode
(config-router)#commit
Commit the candidate configuration to the running configuration.
Validation
R1
R1#show ip bgp neighbors
BGP neighbor is 2.2.2.2, remote AS 200, local AS 200, internal link
Member of peer-group ABC for session parameters
BGP version 4, local router ID 192.168.52.2, remote router ID 10.12.7.155
BGP state = Established, up for 00:04:55
Last read 00:04:55, hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 11 messages, 0 notifications, 0 in queue
Sent 11 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
ABC peer-group member
Route-Reflector Client
Community attribute sent to this neighbor (both)
0 accepted prefixes
2 announced prefixes
Connections established 1; dropped 0
Local host: 2.2.2.1, Local port: 33865
Foreign host: 2.2.2.2, Foreign port: 179
Nexthop: 2.2.2.1
Nexthop global: 1111::1
Nexthop local: fe80::a00:27ff:fecc:47a6
BGP connection: non shared network
 
BGP neighbor is 3.3.3.3, remote AS 200, local AS 200, internal link
Member of peer-group ABC for session parameters
BGP version 4, local router ID 192.168.52.2, remote router ID 10.12.7.153
BGP state = Established, up for 00:04:55
Last read 00:04:55, hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 11 messages, 0 notifications, 0 in queue
Sent 11 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 2, Offset 0, Mask 0x4
ABC peer-group member
Route-Reflector Client
Community attribute sent to this neighbor (both)
0 accepted prefixes
2 announced prefixes
Connections established 1; dropped 0
Local host: 3.3.3.1, Local port: 44280
Foreign host: 3.3.3.3, Foreign port: 179
Nexthop: 3.3.3.1
Nexthop global: fe80::a00:27ff:fe85:25d4
Nexthop local: ::
BGP connection: non shared network
 
BGP neighbor is 4.4.4.4, remote AS 100, local AS 200, external link
BGP version 4, remote router ID 10.12.7.120
BGP state = Established, up for 00:04:55
Last read 00:04:55, hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 11 messages, 0 notifications, 0 in queue
Sent 11 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 3, Offset 0, Mask 0x8
Community attribute sent to this neighbor (both)
0 accepted prefixes
2 announced prefixes
Connections established 1; dropped 0
Local host: 4.4.4.1, Local port: 55493
Foreign host: 4.4.4.4, Foreign port: 179
Nexthop: 4.4.4.1
Nexthop global: fe80::a00:27ff:fe7e:674a
Nexthop local: ::
BGP connection: non shared network
 
R1#show ip bgp summary
BGP router identifier 192.168.52.2, local AS number 200
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 200 12 12 1 0 0 00:05:02 0
3.3.3.3 4 200 12 12 1 0 0 00:05:02 0
4.4.4.4 4 100 12 12 1 0 0 00:05:02 0
Total number of neighbors 3
Total number of Established sessions 3
 
R2
R2#show ip bgp
BGP table version is 4, local router ID is 10.12.65.123
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.1/32 2.2.2.1 0 100 0 i
*>i 11.11.11.11/32 2.2.2.1 0 100 0 i
 
Total number of prefixes 2
R2#
 
R3
R3#show ip bgp
BGP table version is 8, local router ID is 10.12.65.121
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.1/32 3.3.3.1 0 100 0 i
*>i 11.11.11.11/32 3.3.3.1 0 100 0 i
 
Total number of prefixes 2
R3#
Peer-group can have either iBGP or eBGP peers but not both.
Validation
The following configuration fails with an appropriate error:
R1(config)#router bgp 200
R1(config-router)#neighbor 4.4.4.4 peer-group ABC
%% Peer with AS 100 cannot be in this peer-group, members must be all internal or all external
R1(config-router)#
Peer group members inherit the properties of Outbound Policies configured for Peer-group.
R1
 
#configure terminal
Enter configure mode.
(config)# ip access-list permit-1
Configure access-list to permit 1.1.1.1/32
(config-ip-acl)# permit any 1.1.1.1/32 any
Configure a permit statement in the acl to permit 1.1.1.1/32
(config-ip-acl)#exit
Exit ip access-list mode
(config)# route-map permit-only-1
Configure route-map
(config-route-map)# match ip address permit-1
Configure a match statement in the route-map to match the access-list permit-1
(config-route-map)#set local-preference 250
Set local preference as 250
(config-route-map)#exit
Exit route-map mode
(config)#router bgp 200
Define the routing process. The number 200 specifies the AS number of R1.
(config-router)# address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)# neighbor ABC route-map permit-only-1 out
Configure the peer-group ABC with route-map in the outbound direction
(config-router-af)#exit
Exit address-family mode
(config-router)#exit
Exit router mode.
(config)#commit
Commit the candidate configuration to the running configuration.
(config)# exit
Exit configure terminal mode
#clear ip bgp peer-group ABC soft out
Do an outbound soft reset for the peer-group ABC so that the policy takes effect for the peer-group members
Validation
R1
 
R1#show bgp neighbors 2.2.2.2
BGP neighbor is 2.2.2.2, remote AS 200, local AS 200, internal link
Member of peer-group ABC for session parameters
BGP version 4, local router ID 10.12.65.126, remote router ID 10.12.65.123
BGP state = Established, up for 00:07:01
Last read 00:00:15, hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 20 messages, 0 notifications, 0 in queue
Sent 28 messages, 1 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
ABC peer-group member
Route-Reflector Client
Community attribute sent to this neighbor (both)
Outbound path policy configured
Route map for outgoing advertisements is *permit-only-1
0 accepted prefixes
1 announced prefixes
 
Connections established 2; dropped 1
Local host: 2.2.2.1, Local port: 179
Foreign host: 2.2.2.2, Foreign port: 42657
Nexthop: 2.2.2.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Last Reset: 00:08:39, due to Hold Timer Expired (Notification sent)
Notification Error Message: (Hold Timer Expired/No sub-error code)
 
R1#show bgp neighbors 3.3.3.3
BGP neighbor is 3.3.3.3, remote AS 200, local AS 200, internal link
Member of peer-group ABC for session parameters
BGP version 4, local router ID 10.12.65.126, remote router ID 10.12.65.121
BGP state = Established, up for 00:11:46
Last read 00:00:18, hold time is 90, keepalive interval is 30 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 29 messages, 0 notifications, 0 in queue
Sent 32 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 2, Offset 0, Mask 0x4
ABC peer-group member
Route-Reflector Client
Community attribute sent to this neighbor (both)
Outbound path policy configured
Route map for outgoing advertisements is *permit-only-1
0 accepted prefixes
1 announced prefixes
 
Connections established 1; dropped 0
Local host: 3.3.3.1, Local port: 179
Foreign host: 3.3.3.3, Foreign port: 48008
Nexthop: 3.3.3.1
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
R2
R2#show ip bgp
BGP table version is 3, local router ID is 10.12.65.123
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.1/32 2.2.2.1 0 250 0 i
 
Total number of prefixes 1
R3
R3#show ip bgp
BGP table version is 7, local router ID is 10.12.65.121
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.1/32 3.3.3.1 0 250 0 i
 
Total number of prefixes 1
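The validation above can be checked mechanically. The following is an added example, not part of the OcNOS documentation: it parses neighbor output of the form shown on this page and reports every neighbor that does not carry the peer group's outbound route-map. The sample text is constructed and trimmed; the function names are assumptions.

```python
import re

# Constructed sample, trimmed to fields that appear in the page's
# "show bgp neighbors" output. 3.3.3.3 is shown without the route-map lines
# (as in the output captured before the policy was configured) and 4.4.4.4
# is the eBGP peer that is not a member of ABC.
SAMPLE = """\
BGP neighbor is 2.2.2.2, remote AS 200, local AS 200, internal link
Member of peer-group ABC for session parameters
BGP state = Established, up for 00:07:01
Outbound path policy configured
Route map for outgoing advertisements is *permit-only-1
1 announced prefixes

BGP neighbor is 3.3.3.3, remote AS 200, local AS 200, internal link
Member of peer-group ABC for session parameters
BGP state = Established, up for 00:11:46
2 announced prefixes

BGP neighbor is 4.4.4.4, remote AS 100, local AS 200, external link
BGP state = Established, up for 00:04:55
2 announced prefixes
"""

HEADER = re.compile(
    r"BGP neighbor is (\S+), remote AS (\d+), local AS \d+, (\w+) link")
FIELDS = {
    "group": re.compile(r"Member of peer-group (\S+)"),
    "state": re.compile(r"BGP state = (\w+)"),
    "route_map_out": re.compile(
        r"Route map for outgoing advertisements is \*?(\S+)"),
    "announced": re.compile(r"(\d+) announced prefixes"),
}


def parse_neighbors(text):
    """Split the output into one record per 'BGP neighbor is ...' block."""
    neighbors = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            neighbors.append({"peer": m.group(1), "remote_as": int(m.group(2)),
                              "link": m.group(3), **dict.fromkeys(FIELDS)})
        elif neighbors:
            for key, rx in FIELDS.items():
                if m := rx.match(line):
                    value = m.group(1)
                    neighbors[-1][key] = int(value) if key == "announced" else value
    return neighbors


def audit_group(neighbors, group, expected_map):
    """Return (peer, reason) for each neighbor not covered by the group policy."""
    findings = []
    for n in neighbors:
        if n["group"] != group:
            findings.append((n["peer"], f"not a member of {group}"))
        elif n["state"] != "Established":
            findings.append((n["peer"], f"session is {n['state']}"))
        elif n["route_map_out"] != expected_map:
            findings.append((n["peer"], f"outbound route-map is "
                             f"{n['route_map_out']}, expected {expected_map}"))
    return findings
```
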
Peer-group-members cannot be configured with Outbound Policies.
Validation
The following configuration fails with an appropriate error:
R1(config)#router bgp 200
R1(config-router)#address-family ipv4 unicast
R1(config-router-af)#neighbor 2.2.2.2 route-map permit-only-11 out
%% Invalid command for a peer-group member
 
Peer-group-members inherit the properties of Inbound Policies configured for Peer-group.
R2
 
#configure terminal
Enter configure mode.
(config)# interface lo
Enter interface mode for Loopback interface
(config-if)#ip address 100.1.1.1/24 secondary
Configure IP address for Loopback interface
(config-if)#interface eth3
Enter interface mode for interface eth3
(config-if)#ip address 22.1.1.1/24
Configure IP address for interface eth3
(config-if)#exit
Exit interface mode
(config)#router bgp 200
Enter router bgp mode
(config-router)#address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)#network 22.1.1.0/24
Advertise the network of eth3 in BGP
(config-router-af)#network 100.1.1.0/24
Advertise the network of Loopback in BGP
(config-router-af)#exit-address-family
Exit address family mode.
(config-router)#commit
Commit the candidate configuration to the running configuration.
R3
 
#configure terminal
Enter configure mode.
(config)# interface lo
Enter interface mode for Loopback interface
(config-if)#ip address 100.1.1.2/24 secondary
Configure IP address for Loopback interface
(config-if)#interface eth3
Enter interface mode for interface eth3
(config-if)#ip address 22.1.1.2/24
Configure IP address for interface eth3
(config-if)#exit
Exit interface mode
(config)#router bgp 200
Enter router bgp mode
(config-router)#address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)#network 22.1.1.0/24
Advertise the network of eth3 in BGP
(config-router-af)#network 100.1.1.0/24
Advertise the network of Loopback in BGP
(config-router-af)#exit-address-family
Exit address family mode.
(config-router)#commit
Commit the candidate configuration to the running configuration.
R1
 
#configure terminal
Enter configure mode.
(config)#ip access-list permit-22
Configure access-list to permit 22.1.1.0/24
(config-ip-acl)# permit any 22.1.1.0/24 any
Configure a permit statement to permit 22.1.1.0/24
(config-ip-acl)#exit
Exit ip access-list mode
(config)#route-map permit-only-22
Configure route-map
(config-route-map)#match ip address permit-22
Configure match statement in route-map to match the access-list permit-22
(config-route-map)#exit
Exit route-map mode
(config)#router bgp 200
Enter BGP router mode
(config-router)# address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)# neighbor ABC activate
Activate peer-group in the address family
(config-router-af)#neighbor ABC route-map permit-only-22 in
Configure the peer-group ABC with route-map in the inbound direction
(config-router)#exit
Exit router bgp mode
(config)#commit
Commit the candidate configuration to the running configuration.
(config)# exit
Exit configure terminal mode
#clear ip bgp peer-group ABC soft in
Do an inbound soft reset for the peer-group ABC so that the policy takes effect for the peer-group members
Validation
R1
R1#show ip bgp
 
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, a add-path, g group-best, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 100 32768 i
*> 11.11.11.11/32 0.0.0.0 0 100 32768 i
*>i 22.1.1.0/24 2.2.2.2 0 100 0 i
* i 3.3.3.3 0 100 0 i
 
Total number of prefixes 3
 
Peer group members can be configured with Inbound Policies
R1
 
#configure terminal
Enter configure mode.
(config)#ip access-list permit-100
Configure access-list to permit 100.1.1.0/24
(config-ip-acl)# permit any 100.1.1.0/24 any
Configure a permit statement to permit 100.1.1.0/24
(config-ip-acl)#exit
Exit ip access-list mode
(config)#route-map permit-only-100
Configure route-map
(config-route-map)#match ip address permit-100
Configure match statement in route-map to match the access-list permit-100
(config-route-map)#exit
Exit route-map mode
(config)#router bgp 200
Enter BGP router mode
(config-router)# address-family ipv4 unicast
Enter address-family ipv4 unicast mode
(config-router-af)# neighbor 2.2.2.2 activate
Activate neighbor in the address family
(config-router-af)#neighbor 2.2.2.2 route-map permit-only-100 in
Configure the peer-group-member R2(2.2.2.2) with route-map in the inbound direction
(config-router-af)#exit
Exit address-family mode
(config-router)#exit
Exit router bgp mode
(config)#commit
Commit the candidate configuration to the running configuration.
(config)# exit
Exit configure terminal mode
#clear ip bgp peer-group ABC soft in
Do an inbound soft reset for the peer-group ABC so that the policy takes effect for the peer-group members
Validation
R1
R1#show ip bgp
BGP table version is 4, local router ID is 10.12.65.126
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 100 32768 i
*> 11.11.11.11/32 0.0.0.0 0 100 32768 i
*>i 22.1.1.0/24 3.3.3.3 0 100 0 i
*>i 100.1.1.0/24 2.2.2.2 0 100 0 i
 
Total number of prefixes 4
R1#
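The peer-group rules demonstrated on this page (no mixing of iBGP and eBGP members, outbound policy only at group level, member-level inbound policy taking precedence) can be checked before a commit. The following is an added example, not OcNOS code: a small linter over a constructed candidate configuration that covers only the four in/out filter commands from the lists above; the function name and message wording are assumptions.

```python
import re

# Constructed candidate configuration in the page's command syntax (prompts
# removed). The last 4.4.4.4 line and the last 2.2.2.2 line are the two
# commands the page shows being rejected.
CANDIDATE = """\
router bgp 200
 neighbor ABC peer-group
 neighbor ABC remote-as 200
 neighbor 2.2.2.2 peer-group ABC
 neighbor 3.3.3.3 peer-group ABC
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 peer-group ABC
 address-family ipv4 unicast
  neighbor ABC route-map permit-only-1 out
  neighbor ABC route-map permit-only-22 in
  neighbor 2.2.2.2 route-map permit-only-100 in
  neighbor 2.2.2.2 route-map permit-only-11 out
"""

KINDS = "route-map|prefix-list|filter-list|distribute-list"
POLICY = re.compile(rf"neighbor (\S+) ({KINDS}) (\S+) (in|out)$")


def lint(config):
    """Return (errors, effective inbound policy per group member)."""
    local_as, groups, member_of, remote_as = None, set(), {}, {}
    policies, errors = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = int(m.group(1))
        elif m := re.match(r"neighbor (\S+) peer-group$", line):
            groups.add(m.group(1))
        elif m := re.match(r"neighbor (\S+) peer-group (\S+)$", line):
            member_of[m.group(1)] = m.group(2)
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            remote_as[m.group(1)] = int(m.group(2))
        elif m := POLICY.match(line):
            policies.append(m.groups())

    # A group holds iBGP or eBGP peers, never both: compare each member's own
    # remote-as with the group's, both judged against the local AS.
    for peer, group in list(member_of.items()):
        if peer in remote_as and group in remote_as and (
            (remote_as[peer] == local_as) != (remote_as[group] == local_as)
        ):
            errors.append(f"{peer}: AS {remote_as[peer]} cannot join {group}")
            del member_of[peer]

    inbound = {peer: {} for peer in member_of}
    for name, kind, policy, direction in policies:  # group level first
        if name in groups and direction == "in":
            for peer in [p for p, g in member_of.items() if g == name]:
                inbound[peer][kind] = policy
    for name, kind, policy, direction in policies:  # member level overrides
        if name not in member_of:
            continue
        if direction == "out":
            errors.append(f"{name}: {kind} {policy} out is group-level only")
        else:
            inbound[name][kind] = policy
    return errors, inbound
```
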
Last modified date: 10/16/2023