Bfd
Scenario to verify BGP with BFD (Bidirectional Forwarding Detection) for fast failure detection. BFD provides sub-second detection of link or neighbor failures, allowing BGP to react much faster than using BGP keepalive timers alone (which typically take tens of seconds). This test demonstrates BFD with eBGP multihop sessions where DUT0 and DUT1 are separated by a transit router (DUT2). The test verifies that when BGP traffic is blocked, BFD detects the failure and tears down the BGP session quickly.
Test eBGP with BFD
Description
Test to check eBGP with BFD protocol
Scenario
Step 1: Set the following configuration in DUT1 :
set interfaces dummy dum0 address 1.1.1.1/24 set interfaces ethernet eth0 address 10.10.0.200/24 set protocols bgp 20 neighbor peer bfd set protocols bgp 20 neighbor peer remote-address 10.10.0.100 set protocols bgp 20 neighbor peer remote-as 10 set protocols bgp 20 neighbor peer route-map export PERMIT set protocols bgp 20 redistribute connected route-map REDIS set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set protocols route-map REDIS rule 1 action permit set protocols route-map REDIS rule 1 match interface dum0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 10 neighbor peer bfd set protocols bgp 10 neighbor peer remote-address 10.10.0.200 set protocols bgp 10 neighbor peer remote-as 20 set protocols bgp 10 neighbor peer route-map import PERMIT set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 selector DROP set traffic selector DROP rule 1 destination port 179 set traffic selector DROP rule 1 protocol tcp set traffic selector DROP rule 2 protocol tcp set traffic selector DROP rule 2 source port 179 set traffic selector DROP rule 3 destination port 3784 set traffic selector DROP rule 3 protocol udp
Step 3: Run command protocols bgp show ip neighbors at DUT0 and check if output matches the following regular expressions:
BGP state = Established Status: Up BFD: Type: single hopShow output
BGP neighbor is 10.10.0.200, remote AS 20, local AS 10, external link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 10.10.0.200, local router ID 10.10.0.100 BGP state = Established, up for 00:00:02 Last read 00:00:01, Last write 00:00:01 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1448 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: not advertised not received Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast End-of-RIB received: IPv4 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 1 0 Updates: 1 3 Keepalives: 1 1 Route Refresh: 1 2 Capability: 0 0 Total: 6 7 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast Update group 1, subgroup 1 Packet Queue length 0 Community attribute sent to this neighbor(all) Inbound path policy configured Route map for incoming advertisements is *PERMIT Outbound updates discarded due to missing policy 1 accepted, 0 sent prefixes Connections established 1; dropped 0 Last reset never External BGP neighbor may be up to 1 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 10.10.0.200, Foreign port: 42086 Nexthop: 10.10.0.100 Nexthop global: :: Nexthop local: :: BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 0 ms BFD Hold Time (interval 30) timer expires in 0 seconds Read thread: on Write thread: on FD used: 26 BFD: Type: single hop Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300 Status: Up, Last update: 0:00:00:01
Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 10 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 1.1.1.0/24 10.10.0.200 0 0 20 ? Displayed 1 routes and 1 total paths
Step 5: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
Codes: K - kernel route, C - connected, L - local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, f - OpenFabric, t - Table-Direct, > - selected route, * - FIB route, q - queued, r - rejected, b - backup t - trapped, o - offload failure IPv4 unicast VRF default: B>* 1.1.1.0/24 [20/0] via 10.10.0.200, eth0, weight 1, 00:00:01 C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:03 K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:03 L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:03
Step 6: Ping IP address 1.1.1.1 from DUT0:
admin@DUT0$ ping 1.1.1.1 count 1 size 56 timeout 1Show output
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. 64 bytes from 1.1.1.1: icmp_seq=1 ttl=64 time=0.293 ms --- 1.1.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.293/0.293/0.293/0.000 ms
Step 7: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set interfaces ethernet eth0 traffic policy local-out DROP set protocols bgp 10 neighbor peer bfd set protocols bgp 10 neighbor peer remote-address 10.10.0.200 set protocols bgp 10 neighbor peer remote-as 20 set protocols bgp 10 neighbor peer route-map import PERMIT set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 selector DROP set traffic selector DROP rule 1 destination port 179 set traffic selector DROP rule 1 protocol tcp set traffic selector DROP rule 2 protocol tcp set traffic selector DROP rule 2 source port 179 set traffic selector DROP rule 3 destination port 3784 set traffic selector DROP rule 3 protocol udp
Step 8: Run command protocols bgp show ip neighbors at DUT0 and check if output matches the following regular expressions:
BGP state = (Connect|Idle) Status: Down BFD: Type: single hopShow output
BGP neighbor is 10.10.0.200, remote AS 20, local AS 10, external link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 10.10.0.200, local router ID 10.10.0.100 BGP state = Idle Last read 00:00:05, Last write 00:00:05 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 0 Configured conditional advertisements interval is 60 seconds Graceful restart information: Local GR Mode: Helper* Remote GR Mode: NotApplicable R bit: False N bit: False Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 1 2 Updates: 1 3 Keepalives: 2 2 Route Refresh: 1 2 Capability: 0 0 Total: 7 10 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast Not part of any update group Community attribute sent to this neighbor(all) Inbound path policy configured Route map for incoming advertisements is *PERMIT Outbound updates discarded due to missing policy 0 accepted prefixes Connections established 1; dropped 1 Last reset 00:00:01, Peer closed the session (n/a) External BGP neighbor may be up to 1 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 10.10.0.200, Foreign port: 42086 Nexthop: 10.10.0.100 Nexthop global: :: Nexthop local: :: BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Next start timer due in 0 seconds BFD Hold Time (interval 30) timer expires in 0 seconds Read thread: off Write thread: off FD used: -1 BFD: Type: single hop Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300 Status: Down, Last update: 0:00:00:30
Step 9: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
1.1.1.0/24Show output
No BGP prefixes displayed, 0 exist
Step 10: Run command protocols ip show route at DUT0 and check if output does not match the following regular expressions:
1.1.1.0/24Show output
Codes: K - kernel route, C - connected, L - local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, f - OpenFabric, t - Table-Direct, > - selected route, * - FIB route, q - queued, r - rejected, b - backup t - trapped, o - offload failure IPv4 unicast VRF default: C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:36 K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:36 L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:36
Step 11: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 10 neighbor peer bfd set protocols bgp 10 neighbor peer remote-address 10.10.0.200 set protocols bgp 10 neighbor peer remote-as 20 set protocols bgp 10 neighbor peer route-map import PERMIT set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 selector DROP set traffic selector DROP rule 1 destination port 179 set traffic selector DROP rule 1 protocol tcp set traffic selector DROP rule 2 protocol tcp set traffic selector DROP rule 2 source port 179 set traffic selector DROP rule 3 destination port 3784 set traffic selector DROP rule 3 protocol udp
Step 12: Run command protocols bgp show ip neighbors at DUT0 and check if output matches the following regular expressions:
BGP state = Established Status: Up BFD: Type: single hopShow output
BGP neighbor is 10.10.0.200, remote AS 20, local AS 10, external link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 10.10.0.200, local router ID 10.10.0.100 BGP state = Established, up for 00:00:02 Last read 00:00:01, Last write 00:00:01 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1448 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: not advertised not received Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast End-of-RIB received: IPv4 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 3 2 Notifications: 1 2 Updates: 2 5 Keepalives: 3 3 Route Refresh: 1 2 Capability: 0 0 Total: 10 14 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast Update group 2, subgroup 2 Packet Queue length 0 Community attribute sent to this neighbor(all) Inbound path policy configured Route map for incoming advertisements is *PERMIT Outbound updates discarded due to missing policy 1 accepted, 0 sent prefixes Connections established 2; dropped 1 Last reset never External BGP neighbor may be up to 1 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 10.10.0.200, Foreign port: 35334 Nexthop: 10.10.0.100 Nexthop global: fe80::dcad:beff:feef:6c00 Nexthop local: fe80::dcad:beff:feef:6c00 BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 4 ms BFD Hold Time (interval 30) timer expires in 0 seconds Read thread: on Write thread: on FD used: 25 BFD: Type: single hop Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300 Status: Up, Last update: 0:00:00:02
Step 13: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 3, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 10 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 1.1.1.0/24 10.10.0.200 0 0 20 ? Displayed 1 routes and 1 total paths
Step 14: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
Codes: K - kernel route, C - connected, L - local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, f - OpenFabric, t - Table-Direct, > - selected route, * - FIB route, q - queued, r - rejected, b - backup t - trapped, o - offload failure IPv4 unicast VRF default: B>* 1.1.1.0/24 [20/0] via 10.10.0.200, eth0, weight 1, 00:00:01 C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:39 K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:39 L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:39
Step 15: Ping IP address 1.1.1.1 from DUT0:
admin@DUT0$ ping 1.1.1.1 count 1 size 56 timeout 1Show output
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. 64 bytes from 1.1.1.1: icmp_seq=1 ttl=64 time=0.390 ms --- 1.1.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.390/0.390/0.390/0.000 ms
Test eBGP multihop with BFD
Description
Test to check eBGP multihop with BFD protocol
Scenario
Step 1: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 10.10.0.101/24 set interfaces ethernet eth1 address 20.20.0.201/24 set protocols static route 1.1.1.0/24 next-hop 20.20.0.200 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address 1.1.1.1/24 set interfaces ethernet eth1 address 20.20.0.200/24 set protocols bgp 20 neighbor peer bfd set protocols bgp 20 neighbor peer ebgp-multihop 2 set protocols bgp 20 neighbor peer remote-address 10.10.0.100 set protocols bgp 20 neighbor peer remote-as 10 set protocols bgp 20 neighbor peer route-map export PERMIT set protocols bgp 20 redistribute connected route-map REDIS set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set protocols route-map REDIS rule 1 action permit set protocols route-map REDIS rule 1 match interface dum0 set protocols static route 10.10.0.0/24 next-hop 20.20.0.201 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 10 neighbor peer bfd set protocols bgp 10 neighbor peer ebgp-multihop 2 set protocols bgp 10 neighbor peer remote-address 20.20.0.200 set protocols bgp 10 neighbor peer remote-as 20 set protocols bgp 10 neighbor peer route-map import PERMIT set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set protocols static route 20.20.0.0/24 next-hop 10.10.0.101 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 selector DROP set traffic selector DROP rule 1 destination port 179 set traffic selector DROP rule 1 protocol tcp set traffic selector DROP rule 2 protocol tcp set traffic selector DROP rule 2 source port 179 set traffic selector DROP rule 3 destination port 4784 set traffic selector DROP rule 3 protocol udp
Step 4: Run command protocols bgp show ip neighbors at DUT0 and check if output matches the following regular expressions:
BGP state = Established Status: Up BFD: Type: multi hopShow output
BGP neighbor is 20.20.0.200, remote AS 20, local AS 10, external link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 20.20.0.200, local router ID 10.10.0.100 BGP state = Established, up for 00:00:02 Last read 00:00:01, Last write 00:00:01 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1448 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: not advertised not received Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast End-of-RIB received: IPv4 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 1 0 Updates: 1 3 Keepalives: 1 1 Route Refresh: 1 2 Capability: 0 0 Total: 6 7 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast Update group 1, subgroup 1 Packet Queue length 0 Community attribute sent to this neighbor(all) Inbound path policy configured Route map for incoming advertisements is *PERMIT Outbound updates discarded due to missing policy 1 accepted, 0 sent prefixes Connections established 1; dropped 0 Last reset never External BGP neighbor may be up to 2 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 20.20.0.200, Foreign port: 58928 Nexthop: 10.10.0.100 Nexthop global: :: Nexthop local: :: BGP connection: non shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 0 ms BFD Hold Time (interval 30) timer expires in 0 seconds Read thread: on Write thread: on FD used: 26 BFD: Type: multi hop Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300 Status: Up, Last update: 0:00:00:00
Step 5: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 10 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 1.1.1.0/24 20.20.0.200 0 0 20 ? Displayed 1 routes and 1 total paths
Step 6: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
Codes: K - kernel route, C - connected, L - local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, f - OpenFabric, t - Table-Direct, > - selected route, * - FIB route, q - queued, r - rejected, b - backup t - trapped, o - offload failure IPv4 unicast VRF default: B> 1.1.1.0/24 [20/0] via 20.20.0.200 (recursive), weight 1, 00:00:02 * via 10.10.0.101, eth0, weight 1, 00:00:02 C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:03 K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:03 L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:03 S>* 20.20.0.0/24 [1/0] via 10.10.0.101, eth0, weight 1, 00:00:03
Step 7: Ping IP address 1.1.1.1 from DUT0:
admin@DUT0$ ping 1.1.1.1 count 1 size 56 timeout 1Show output
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. 64 bytes from 1.1.1.1: icmp_seq=1 ttl=63 time=0.550 ms --- 1.1.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.550/0.550/0.550/0.000 ms
Step 8: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set interfaces ethernet eth0 traffic policy local-out DROP set protocols bgp 10 neighbor peer bfd set protocols bgp 10 neighbor peer ebgp-multihop 2 set protocols bgp 10 neighbor peer remote-address 20.20.0.200 set protocols bgp 10 neighbor peer remote-as 20 set protocols bgp 10 neighbor peer route-map import PERMIT set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set protocols static route 20.20.0.0/24 next-hop 10.10.0.101 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 selector DROP set traffic selector DROP rule 1 destination port 179 set traffic selector DROP rule 1 protocol tcp set traffic selector DROP rule 2 protocol tcp set traffic selector DROP rule 2 source port 179 set traffic selector DROP rule 3 destination port 4784 set traffic selector DROP rule 3 protocol udp
Step 9: Run command protocols bgp show ip neighbors at DUT0 and check if output matches the following regular expressions:
BGP state = (Connect|Idle) Status: Down BFD: Type: multi hopShow output
BGP neighbor is 20.20.0.200, remote AS 20, local AS 10, external link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 20.20.0.200, local router ID 10.10.0.100 BGP state = Idle Last read 00:00:05, Last write 00:00:05 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 0 Configured conditional advertisements interval is 60 seconds Graceful restart information: Local GR Mode: Helper* Remote GR Mode: NotApplicable R bit: False N bit: False Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 2 1 Notifications: 1 2 Updates: 1 3 Keepalives: 2 2 Route Refresh: 1 2 Capability: 0 0 Total: 7 10 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast Not part of any update group Community attribute sent to this neighbor(all) Inbound path policy configured Route map for incoming advertisements is *PERMIT Outbound updates discarded due to missing policy 0 accepted prefixes Connections established 1; dropped 1 Last reset 00:00:01, Peer closed the session (n/a) External BGP neighbor may be up to 2 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 20.20.0.200, Foreign port: 58928 Nexthop: 10.10.0.100 Nexthop global: :: Nexthop local: :: BGP connection: non shared network BGP Connect Retry Timer in Seconds: 30 Next start timer due in 0 seconds BFD Hold Time (interval 30) timer expires in 0 seconds Read thread: off Write thread: off FD used: -1 BFD: Type: multi hop Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300 Status: Down, Last update: 0:00:00:30
Step 10: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
1.1.1.0/24Show output
No BGP prefixes displayed, 0 exist
Step 11: Run command protocols ip show route at DUT0 and check if output does not match the following regular expressions:
1.1.1.0/24Show output
Codes: K - kernel route, C - connected, L - local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, f - OpenFabric, t - Table-Direct, > - selected route, * - FIB route, q - queued, r - rejected, b - backup t - trapped, o - offload failure IPv4 unicast VRF default: C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:35 K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:35 L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:35 S>* 20.20.0.0/24 [1/0] via 10.10.0.101, eth0, weight 1, 00:00:35
Step 12: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 10 neighbor peer bfd set protocols bgp 10 neighbor peer ebgp-multihop 2 set protocols bgp 10 neighbor peer remote-address 20.20.0.200 set protocols bgp 10 neighbor peer remote-as 20 set protocols bgp 10 neighbor peer route-map import PERMIT set protocols logging bgp bfd set protocols logging bgp neighbor-events set protocols logging level debugging set protocols route-map PERMIT rule 1 action permit set protocols static route 20.20.0.0/24 next-hop 10.10.0.101 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 selector DROP set traffic selector DROP rule 1 destination port 179 set traffic selector DROP rule 1 protocol tcp set traffic selector DROP rule 2 protocol tcp set traffic selector DROP rule 2 source port 179 set traffic selector DROP rule 3 destination port 4784 set traffic selector DROP rule 3 protocol udp
Step 13: Run command protocols bgp show ip neighbors at DUT0 and check if output matches the following regular expressions:
BGP state = Established Status: Up BFD: Type: multi hopShow output
BGP neighbor is 20.20.0.200, remote AS 20, local AS 10, external link Local Role: undefined Remote Role: undefined Hostname: osdx BGP version 4, remote router ID 20.20.0.200, local router ID 10.10.0.100 BGP state = Established, up for 00:00:02 Last read 00:00:01, Last write 00:00:01 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1448 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: not advertised not received Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: none Graceful restart information: End-of-RIB send: IPv4 Unicast End-of-RIB received: IPv4 Unicast Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: Yes End-of-RIB sent after update: Yes End-of-RIB received: Yes Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 3 2 Notifications: 1 2 Updates: 2 5 Keepalives: 3 3 Route Refresh: 1 2 Capability: 0 0 Total: 10 14 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast Update group 2, subgroup 2 Packet Queue length 0 Community attribute sent to this neighbor(all) Inbound path policy configured Route map for incoming advertisements is *PERMIT Outbound updates discarded due to missing policy 1 accepted, 0 sent prefixes Connections established 2; dropped 1 Last reset never External BGP neighbor may be up to 2 hops away. Local host: 10.10.0.100, Local port: 179 Foreign host: 20.20.0.200, Foreign port: 36678 Nexthop: 10.10.0.100 Nexthop global: fe80::dcad:beff:feef:6c00 Nexthop local: fe80::dcad:beff:feef:6c00 BGP connection: non shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 5 ms BFD Hold Time (interval 30) timer expires in 0 seconds Read thread: on Write thread: on FD used: 25 BFD: Type: multi hop Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300 Status: Up, Last update: 0:00:00:01
Step 14: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 3, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 10 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 1.1.1.0/24 20.20.0.200 0 0 20 ? Displayed 1 routes and 1 total paths
Step 15: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
Codes: K - kernel route, C - connected, L - local, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, f - OpenFabric, t - Table-Direct, > - selected route, * - FIB route, q - queued, r - rejected, b - backup t - trapped, o - offload failure IPv4 unicast VRF default: B> 1.1.1.0/24 [20/0] via 20.20.0.200 (recursive), weight 1, 00:00:01 * via 10.10.0.101, eth0, weight 1, 00:00:01 C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:38 K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:38 L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:38 S>* 20.20.0.0/24 [1/0] via 10.10.0.101, eth0, weight 1, 00:00:38
Step 16: Ping IP address 1.1.1.1 from DUT0:
admin@DUT0$ ping 1.1.1.1 count 1 size 56 timeout 1Show output
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. 64 bytes from 1.1.1.1: icmp_seq=1 ttl=63 time=0.450 ms --- 1.1.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.450/0.450/0.450/0.000 ms