Confederation
Scenario to verify BGP confederation parameter configuration.
BGP confederations allow dividing an autonomous system into multiple
sub-autonomous systems while presenting a single AS to external peers.
The confederation identifier defines the public AS number visible to
the outside, while each router runs BGP with its sub-AS number. The
confederation peers command lists the other sub-AS numbers that belong
to the same confederation.
The scenario covers three cases by checking the neighbor link type
reported by FRR in show ip bgp neighbors:
confed-internal link — both DUTs in the same sub-AS (65001) with confederation parameters configured.
confed-external link — DUTs in different sub-ASes (65001 and 65002) that declare each other as
confederation peersunder the same identifier 100.internal link — same topology without confederation, used as baseline to confirm that the
confed-*results above are caused by the confederation configuration.
Test iBGP - Confederation parameters change peer link type to confed-internal
Description
Test that confederation identifier and confederation peers are
correctly applied. DUT0 and DUT1 are in the same sub-AS (65001)
with confederation identifier 100 and peer 65002. The test verifies
that FRR reports the neighbor as confed-internal link (instead of
internal link), proving the confederation is active. It also verifies
that routes are exchanged correctly within the confederation sub-AS.
Scenario
Note
DUT0 and DUT1 are in sub-AS 65001 with confederation identifier 100 and peer 65002.
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 65001 neighbor peer remote-address 10.10.0.200 set protocols bgp 65001 neighbor peer remote-as 65001 set protocols bgp 65001 parameters confederation identifier 100 set protocols bgp 65001 parameters confederation peers 65002 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address 1.1.1.1/24 set interfaces ethernet eth0 address 10.10.0.200/24 set protocols bgp 65001 neighbor peer remote-address 10.10.0.100 set protocols bgp 65001 neighbor peer remote-as 65001 set protocols bgp 65001 parameters confederation identifier 100 set protocols bgp 65001 parameters confederation peers 65002 set protocols bgp 65001 redistribute connected set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run the command protocols bgp show ip summary on DUT0 and check whether the output contains the following tokens:
EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 65001 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 456 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 65001 5 4 2 0 0 00:00:05 Established 2 0 N/A Total number of neighbors 1
Attention
Verify iBGP session establishes within the confederation sub-AS.
Step 4: Run the command protocols bgp show ip summary on DUT0 and check whether the output matches the following regular expressions:
10.10.0.200.*EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 65001 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 456 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 65001 5 4 2 0 0 00:00:05 Established 2 0 N/A Total number of neighbors 1
Attention
Verify DUT0 receives route 1.1.1.0/24 from DUT1.
Step 5: Run the command protocols bgp show ip on DUT0 and check whether the output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 2, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 65001 Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *ui 1.1.1.0/24 10.10.0.200 0 100 0 ? *ui 10.10.0.0/24 10.10.0.200 0 100 0 ? Displayed 2 routes and 2 total paths
Note
With confederation configured, FRR reports the peer as confed-internal link instead of internal link.
Step 6: Run the command protocols bgp show ip neighbors on DUT0 and check whether the output matches the following regular expressions:
confed-internal linkShow output
BGP neighbor is 10.10.0.200, remote AS 65001, local AS 65001, confed-internal link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 10.10.0.200, local router ID 10.10.0.100 BGP state = Established, up for 00:00:05 Last read 00:00:04, Last write 00:00:04 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1448 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: not advertised not received Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Peer has restarted (R-bit is set) Peer has restarted (N-bit is set) Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast End-of-RIB received: IPv4 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 0 0 Updates: 1 3 Keepalives: 1 1 Route Refresh: 0 0 Capability: 0 0 Total: 4 5 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds Update delay timer is 0 seconds (remaining: 0) For address family: IPv4 Unicast Update group 1, subgroup 1 Packet Queue length 0 Community attribute sent to this neighbor(all) 2 accepted, 0 sent prefixes Connections established 1; dropped 0 Last reset 00:00:07, No path to specified Neighbor (n/a) Internal BGP neighbor may be up to 255 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 10.10.0.200, Foreign port: 50466 Nexthop: 10.10.0.100 Nexthop global: fe80::dcad:beff:feef:6c00 Nexthop local: fe80::dcad:beff:feef:6c00 BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 0 ms Read thread: on Write thread: on FD used: 29
Test BGP - Neighbor remote-as matching confederation peers reports confed-external link
Description
Test that a neighbor whose remote-as matches a value listed in
parameters confederation peers is accepted at commit time and
recognized by FRR as a peer in another sub-AS of the same
confederation. DUT0 is configured in sub-AS 65001 and DUT1
in sub-AS 65002, with both declaring each other under
confederation identifier 100. The test verifies that FRR reports
the neighbor as confed-external link and that routes are
exchanged between the sub-ASes.
Scenario
Note
DUT0 (sub-AS 65001) and DUT1 (sub-AS 65002) belong to the same confederation 100.
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 65001 neighbor peer remote-address 10.10.0.200 set protocols bgp 65001 neighbor peer remote-as 65002 set protocols bgp 65001 parameters confederation identifier 100 set protocols bgp 65001 parameters confederation peers 65002 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address 1.1.1.1/24 set interfaces ethernet eth0 address 10.10.0.200/24 set protocols bgp 65002 neighbor peer remote-address 10.10.0.100 set protocols bgp 65002 neighbor peer remote-as 65001 set protocols bgp 65002 parameters confederation identifier 100 set protocols bgp 65002 parameters confederation peers 65001 set protocols bgp 65002 redistribute connected set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run the command protocols bgp show ip summary on DUT0 and check whether the output contains the following tokens:
EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 65001 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 456 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 65002 5 5 2 0 0 00:00:05 Established 2 2 N/A Total number of neighbors 1
Attention
Verify the BGP session establishes between the two sub-ASes of the confederation.
Step 4: Run the command protocols bgp show ip summary on DUT0 and check whether the output matches the following regular expressions:
10.10.0.200.*EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 65001 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 456 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 65002 5 5 2 0 0 00:00:05 Established 2 2 N/A Total number of neighbors 1
Attention
Verify DUT0 receives route 1.1.1.0/24 from DUT1.
Step 5: Run the command protocols bgp show ip on DUT0 and check whether the output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 2, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 65001 Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *u 1.1.1.0/24 10.10.0.200 0 100 0 (65002) ? *u 10.10.0.0/24 10.10.0.200 0 100 0 (65002) ? Displayed 2 routes and 2 total paths
Note
With remote-as matching a confederation peer, FRR reports the neighbor as confed-external link.
Step 6: Run the command protocols bgp show ip neighbors on DUT0 and check whether the output matches the following regular expressions:
confed-external linkShow output
BGP neighbor is 10.10.0.200, remote AS 65002, local AS 65001, confed-external link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 10.10.0.200, local router ID 10.10.0.100 Neighbor under common administration BGP state = Established, up for 00:00:05 Last read 00:00:04, Last write 00:00:04 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1448 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: not advertised not received Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Peer has restarted (R-bit is set) Peer has restarted (N-bit is set) Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast End-of-RIB received: IPv4 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 0 0 Updates: 2 3 Keepalives: 1 1 Route Refresh: 0 0 Capability: 0 0 Total: 5 5 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds Update delay timer is 0 seconds (remaining: 0) For address family: IPv4 Unicast Update group 1, subgroup 1 Packet Queue length 0 Community attribute sent to this neighbor(all) 2 accepted, 2 sent prefixes Connections established 1; dropped 0 Last reset 00:00:07, No path to specified Neighbor (n/a) External BGP neighbor may be up to 1 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 10.10.0.200, Foreign port: 32930 Nexthop: 10.10.0.100 Nexthop global: fe80::dcad:beff:feef:6c00 Nexthop local: fe80::dcad:beff:feef:6c00 BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 0 ms Read thread: on Write thread: on FD used: 29
Test iBGP - Without confederation peer link type is internal
Description
Test that without confederation parameters, the same iBGP topology
reports the neighbor as standard internal link. This serves as
a baseline to confirm that the confed-internal link and
confed-external link outputs in the previous tests are caused
by the confederation configuration.
Scenario
Note
Same topology as the previous tests but without confederation identifier and peers.
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 65001 neighbor peer remote-address 10.10.0.200 set protocols bgp 65001 neighbor peer remote-as 65001 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address 1.1.1.1/24 set interfaces ethernet eth0 address 10.10.0.200/24 set protocols bgp 65001 neighbor peer remote-address 10.10.0.100 set protocols bgp 65001 neighbor peer remote-as 65001 set protocols bgp 65001 redistribute connected set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Run the command protocols bgp show ip summary on DUT0 and check whether the output contains the following tokens:
EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 65001 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 456 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 65001 5 4 2 0 0 00:00:05 Established 2 0 N/A Total number of neighbors 1
Attention
Verify iBGP session establishes without confederation.
Step 4: Run the command protocols bgp show ip summary on DUT0 and check whether the output matches the following regular expressions:
10.10.0.200.*EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 65001 VRF default vrf-id 0 BGP table version 2 RIB entries 3, using 456 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 65001 5 4 2 0 0 00:00:05 Established 2 0 N/A Total number of neighbors 1
Attention
Verify DUT0 receives route 1.1.1.0/24 from DUT1.
Step 5: Run the command protocols bgp show ip on DUT0 and check whether the output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 2, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 65001 Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *ui 1.1.1.0/24 10.10.0.200 0 100 0 ? *ui 10.10.0.0/24 10.10.0.200 0 100 0 ? Displayed 2 routes and 2 total paths
Note
Without confederation, FRR reports the peer as standard internal link.
Step 6: Run the command protocols bgp show ip neighbors on DUT0 and check whether the output matches the following regular expressions:
internal linkShow output
BGP neighbor is 10.10.0.200, remote AS 65001, local AS 65001, internal link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 10.10.0.200, local router ID 10.10.0.100 BGP state = Established, up for 00:00:05 Last read 00:00:04, Last write 00:00:04 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1448 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: not advertised not received Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Peer has restarted (R-bit is set) Peer has restarted (N-bit is set) Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast End-of-RIB received: IPv4 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 0 0 Updates: 1 3 Keepalives: 1 1 Route Refresh: 0 0 Capability: 0 0 Total: 4 5 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds Update delay timer is 0 seconds (remaining: 0) For address family: IPv4 Unicast Update group 1, subgroup 1 Packet Queue length 0 Community attribute sent to this neighbor(all) 2 accepted, 0 sent prefixes Connections established 1; dropped 0 Last reset 00:00:07, No path to specified Neighbor (n/a) Internal BGP neighbor may be up to 255 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 10.10.0.200, Foreign port: 51378 Nexthop: 10.10.0.100 Nexthop global: fe80::dcad:beff:feef:6c00 Nexthop local: fe80::dcad:beff:feef:6c00 BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 0 ms Read thread: on Write thread: on FD used: 29