Disable-Connected-Check

This scenario demonstrates how to configure the disable-connected-check option for an eBGP neighbor. By default, eBGP requires the neighbor’s address to be on a directly connected network. When disable-connected-check is enabled, the router skips this verification and allows establishing eBGP sessions with neighbors that are not directly connected, such as loopback-to-loopback peering.

Test eBGP - Neighbor disable-connected-check allows loopback peering

Description

Test to verify that disable-connected-check allows an eBGP session to establish when the neighbor address is not on a directly connected network. DUT0 (AS 10) and DUT1 (AS 20) peer using their loopback addresses instead of the directly connected interface addresses. With disable-connected-check enabled, the session establishes successfully and DUT0 receives route 3.3.3.0/24 from DUT1.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer disable-connected-check
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer route-map import PERMIT
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols route-map PERMIT rule 1 action permit
set protocols static route 2.2.2.1/32 next-hop 10.10.0.200
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces dummy dum0 address 2.2.2.1/32
set interfaces dummy dum1 address 3.3.3.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer disable-connected-check
set protocols bgp 20 neighbor peer remote-address 1.1.1.1
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map export PERMIT
set protocols bgp 20 neighbor peer update-source 2.2.2.1
set protocols bgp 20 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set protocols static route 1.1.1.1/32 next-hop 10.10.0.100
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session establishes using loopback addresses (disable-connected-check enabled).

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

2.2.2.1.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
2.2.2.1         1.1.1.1         4         20         2         4        0    0    0 00:00:01  Established        0 (Policy) N/A

Total number of neighbors 1

Attention

Verify that DUT0 receives route 3.3.3.0/24 from DUT1.

Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

3.3.3.0/24
Show output
BGP table version is 2, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 10
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     2.2.2.1/32       2.2.2.1                  0             0 20 ?
 *u  3.3.3.0/24       2.2.2.1                  0             0 20 ?
 *u  10.10.0.0/24     2.2.2.1                  0             0 20 ?

Displayed 3 routes and 3 total paths

Test eBGP - Session fails without disable-connected-check on non-connected peer

Description

Test to verify that, without disable-connected-check, the eBGP session fails to establish when the neighbor address is not on a directly connected network. Both DUT0 and DUT1 try to peer using loopback addresses, but neither side has disable-connected-check and there are no static routes to reach each other’s loopbacks. The connected check fails and the session does not establish, so DUT0 does not receive any routes from DUT1.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer route-map import PERMIT
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces dummy dum0 address 2.2.2.1/32
set interfaces dummy dum1 address 3.3.3.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 1.1.1.1
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map export PERMIT
set protocols bgp 20 neighbor peer update-source 2.2.2.1
set protocols bgp 20 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session does NOT establish without disable-connected-check.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output does not match the following regular expressions:

2.2.2.1.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
2.2.2.1         -               4         20         0         0        0    0    0    never       Active        0        0 N/A

Total number of neighbors 1

Attention

Verify that DUT0 does NOT have route 3.3.3.0/24 because session is not established.

Step 4: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:

3.3.3.0/24
Show output
No BGP prefixes displayed, 0 exist
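
The connected check from both scenarios above, modelled as an added audit script (not part of the original test suite or the vendor's code): it parses the set syntax used on this page and reports, for each eBGP neighbor, whether the exemption is in use and whether the peer address actually requires it. The function names and verdict labels are assumptions, and only interface addresses and static routes are considered.

```python
import ipaddress

# Constructed from the first scenario's DUT0 configuration (policy and login lines omitted).
DUT0_LOOPBACK_PEERING = """
set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer disable-connected-check
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols static route 2.2.2.1/32 next-hop 10.10.0.200
"""
# Second scenario: same DUT0 without the exemption and without the static route.
DUT0_DEFAULT = "\n".join(
    line for line in DUT0_LOOPBACK_PEERING.splitlines()
    if "disable-connected-check" not in line and "static route" not in line)

def parse(config):
    """Collect connected networks, static routes and BGP neighbors from 'set' lines."""
    connected, static, neighbors = [], [], {}
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[1] == "interfaces" and w[4] == "address":
            connected.append(ipaddress.ip_interface(w[5]).network)
        elif w[1:4] == ["protocols", "static", "route"]:
            static.append(ipaddress.ip_network(w[4], strict=False))
        elif w[1:3] == ["protocols", "bgp"] and w[4] == "neighbor":
            n = neighbors.setdefault(w[5], {"local-as": w[3]})
            n[w[6]] = w[7] if len(w) > 7 else True  # bare keyword acts as a flag
    return connected, static, neighbors

def audit(config):
    """Classify each eBGP neighbor by how the connected check applies to it."""
    connected, static, neighbors = parse(config)
    verdicts = {}
    for name, n in neighbors.items():
        if n.get("remote-as") == n["local-as"]:
            continue  # same AS on both ends: not an eBGP session
        peer = ipaddress.ip_address(n["remote-address"])
        direct = any(peer in net for net in connected)  # peer on a local subnet?
        exempt = n.get("disable-connected-check", False)
        if direct:
            verdicts[name] = "exemption-not-needed" if exempt else "connected"
        elif not exempt:
            verdicts[name] = "blocked-by-connected-check"
        else:
            routed = any(peer in net for net in static)
            verdicts[name] = "exempt-routed" if routed else "exempt-no-route"
    return verdicts
```

Calling audit() on a device's exported configuration lists every neighbor that relies on the exemption, which makes it easy to review that each one is an intended loopback peering.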