Capability
Test BGP address-family ipv6-unicast capability orf options. The orf prefix-list option enables Outbound Route Filtering, which allows a router to send its inbound prefix-list filters to a neighbor so the neighbor can apply them as outbound filters. This reduces bandwidth and processing overhead by filtering unwanted routes at the source instead of receiving and then discarding them. ORF requires one peer configured in send mode to push its import filter, and the other peer in receive mode to accept and apply it as an export filter.
Test iBGP IPv6 - Without ORF receives all routes
Description
Baseline test without ORF to demonstrate default behavior. DUT1 advertises two networks (2001:db8:10::/64 and 2001:db8:20::/64) and DUT0 receives both of them. This serves as a comparison point for the ORF test that follows.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer remote-address '2001:db8:1::200' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.100 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:10::1/64' set interfaces dummy dum1 address '2001:db8:20::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 20 address-family ipv6-unicast redistribute connected set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.200 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes.
Step 3: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 20 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 20 2 4 0 0 0 00:00:00 Established 0 0 FRRouting/10.4.1 Total number of neighbors 1
Attention
Verify DUT0 receives routes 2001:db8:10::/64 and 2001:db8:20::/64 from DUT1 (no filtering).
Step 4: Run command protocols bgp show ipv6 at DUT0 and check if output matches the following regular expressions:
2001:db8:10::/64[\s\S]*2001:db8:20::/64Show output
BGP table version is 3, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 20 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i 2001:db8:1::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? *>i 2001:db8:10::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? *>i 2001:db8:20::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? Displayed 3 routes and 3 total paths
Test iBGP IPv6 - Capability ORF prefix-list filters routes at source
Description
Test BGP address-family ipv6-unicast capability orf prefix-list which enables Outbound Route Filtering. DUT0 is configured with ORF send mode and has a prefix-list that only permits 2001:db8:10::/64. DUT0 sends this filter to DUT1 via ORF. DUT1 is configured with ORF receive mode, so it accepts the filter and applies it to its outbound updates. As a result, DUT1 only sends 2001:db8:10::/64 to DUT0, even though it has both 2001:db8:10::/64 and 2001:db8:20::/64 in its routing table. This demonstrates how ORF reduces unnecessary route advertisements by filtering at the source.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer address-family ipv6-unicast capability orf prefix-list send set protocols bgp 20 neighbor peer address-family ipv6-unicast prefix-list import ALLOW-NET1 set protocols bgp 20 neighbor peer remote-address '2001:db8:1::200' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.100 set protocols ipv6 prefix-list ALLOW-NET1 rule 1 action permit set protocols ipv6 prefix-list ALLOW-NET1 rule 1 prefix '2001:db8:10::/64' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:10::1/64' set interfaces dummy dum1 address '2001:db8:20::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 20 address-family ipv6-unicast redistribute connected set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer address-family ipv6-unicast capability orf prefix-list receive set protocols bgp 20 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.200 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes with ORF capability.
Step 3: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 20 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 20 2 5 0 0 0 00:00:01 Established 0 0 FRRouting/10.4.1 Total number of neighbors 1
Attention
Verify ORF prefix-list capability is negotiated between peers.
Step 4: Run command protocols bgp show ipv6 neighbors at DUT0 and check if output matches the following regular expressions:
Outbound Route Filter \(ORF\): sentShow output
BGP neighbor is 2001:db8:1::200, remote AS 20, local AS 20, internal link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 1.1.1.200, local router ID 1.1.1.100 BGP state = Established, up for 00:00:01 Last read 00:00:00, Last write 00:00:00 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1428 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received IPv6 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) IPv6 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Address Family IPv6 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: advertised software version (FRRouting/10.4.1) received software version (FRRouting/10.4.1) Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast, IPv6 Unicast End-of-RIB received: IPv4 Unicast, IPv6 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 IPv6 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 1 0 Updates: 2 3 Keepalives: 1 1 Route Refresh: 1 1 Capability: 0 0 Total: 7 6 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast Update group 1, subgroup 1 Packet Queue length 0 Community attribute sent to this neighbor(all) 0 accepted, 0 sent prefixes For address family: IPv6 Unicast Update group 2, subgroup 2 Packet Queue length 0 AF-dependant capabilities: Outbound Route Filter (ORF) type (64) Prefix-list: Send-mode: advertised Receive-mode: received Outbound Route Filter (ORF): sent; Community attribute sent to this neighbor(all) Inbound path policy configured Incoming update prefix filter list is *ALLOW-NET1 1 accepted, 0 sent prefixes Connections established 1; dropped 0 Last reset never Internal BGP neighbor may be up to 255 hops away. Local host: 2001:db8:1::100, Local port: 179 Foreign host: 2001:db8:1::200, Foreign port: 55998 Nexthop: 1.1.1.100 Nexthop global: 2001:db8:1::100 Nexthop local: fe80::dcad:beff:feef:6c00 BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 0 ms Read thread: on Write thread: on FD used: 26
Attention
Verify DUT0 receives the permitted route 2001:db8:10::/64.
Step 5: Run command protocols bgp show ipv6 at DUT0 and check if output matches the following regular expressions:
2001:db8:10::/64Show output
BGP table version is 1, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 20 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *ui 2001:db8:10::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? Displayed 1 routes and 1 total paths
Attention
Verify DUT0 does NOT receive 2001:db8:20::/64 because ORF filters it at DUT1.
Step 6: Run command protocols bgp show ipv6 at DUT0 and check if output does not match the following regular expressions:
2001:db8:20::/64Show output
BGP table version is 1, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 20 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i 2001:db8:10::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? Displayed 1 routes and 1 total paths