Override-Capability

This scenario demonstrates how to configure the override-capability option for a BGP neighbor. When enabled, the router ignores the capabilities announced by the neighbor during BGP negotiation and forces the session to establish even if there are capability mismatches. This is useful when connecting to legacy devices or third-party equipment that may announce incorrect capabilities.

Test iBGP - Neighbor override-capability forces session establishment

Description

Test to verify that override-capability allows a BGP session to establish even when there is a capability mismatch between peers. DUT0 has IPv6 address-family enabled while DUT1 does not. With override-capability, DUT0 ignores the capability mismatch and the session establishes successfully. DUT0 receives route 1.1.1.0/24 from DUT1.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer address-family ipv6-unicast activate
set protocols bgp 20 neighbor peer override-capability
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces dummy dum0 address 1.1.1.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute connected
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify iBGP session establishes despite capability mismatch (override-capability enabled).

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established
Output:
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 2
RIB entries 3, using 384 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         5         5        2    0    0 00:00:01  Established        NoNeg        0 FRRouting/10.4.1

Total number of neighbors 1

Attention

Verify that DUT0 receives route 1.1.1.0/24 from DUT1.

Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

1.1.1.0/24
Output:
BGP table version is 2, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *ui 1.1.1.0/24       10.10.0.200              0    100      0 ?
 *ui 10.10.0.0/24     10.10.0.200              0    100      0 ?

Displayed 2 routes and 2 total paths

Test iBGP - Session fails without override-capability on capability mismatch

Description

Test to verify that without override-capability (using strict-capability-match instead), the BGP session fails to establish when there is a capability mismatch. DUT0 has IPv6 address-family enabled while DUT1 does not. With strict-capability-match, DUT0 rejects the session and does not receive any routes from DUT1.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer address-family ipv6-unicast activate
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 neighbor peer strict-capability-match
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces dummy dum0 address 1.1.1.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute connected
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify iBGP session does NOT establish due to capability mismatch (no override-capability).

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output does not match the following regular expressions:

10.10.0.200.*Established
Output:
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         4         9        0    0    0    never         Idle        0        0 FRRouting/10.4.1

Total number of neighbors 1

Attention

Verify that DUT0 does NOT have route 1.1.1.0/24 because session is not established.

Step 4: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:

1.1.1.0/24
Output:
No BGP prefixes displayed, 0 exist
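
An added example, not part of the original tests or of the product's own code: a small Python audit that reads DUT0's set commands and summary rows from the two tests above, reports each neighbor's capability mode, and marks sessions that are Established under override-capability for review. The function names and the review flag are assumptions of this example; the neighbor row is matched on the exact address field rather than with the unanchored regular expression, and the column order is taken from the output shown on this page.

```python
import re

# Constructed inputs: DUT0's BGP lines and summary rows copied from the two tests above.
CONFIG_OVERRIDE = """\
set protocols bgp 20 neighbor peer address-family ipv6-unicast activate
set protocols bgp 20 neighbor peer override-capability
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
"""
CONFIG_STRICT = CONFIG_OVERRIDE.replace("override-capability", "strict-capability-match")
ROW_OVERRIDE = "10.10.0.200  10.10.0.100  4  20  5  5  2  0  0 00:00:01  Established  NoNeg  0 FRRouting/10.4.1"
ROW_STRICT = "10.10.0.200  10.10.0.100  4  20  4  9  0  0  0    never  Idle  0  0 FRRouting/10.4.1"

NEIGHBOR_RE = re.compile(r"^set protocols bgp (\d+) neighbor (\S+) (\S+)(?: (.*))?$")
MODES = ("override-capability", "strict-capability-match")

def parse_neighbors(config):
    """Map (asn, neighbor name) -> address, capability mode and activated families."""
    peers = {}
    for line in config.splitlines():
        m = NEIGHBOR_RE.match(line.strip())
        if not m:
            continue
        asn, name, key, rest = m.groups()
        peer = peers.setdefault((asn, name), {"address": None, "mode": "default", "families": []})
        if key == "remote-address":
            peer["address"] = rest
        elif key in MODES:
            peer["mode"] = key
        elif key == "address-family" and rest and rest.endswith(" activate"):
            peer["families"].append(rest.split()[0])
    return peers

def session_state(summary, address):
    """Return the State column of the row whose Neighbor field equals address exactly."""
    for line in summary.splitlines():
        fields = line.split()
        # Columns: Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State
        if len(fields) > 10 and fields[0] == address:
            return fields[10]
    return None

def audit(config, summary):
    """Report (asn, name, mode, state, families, review) for every configured neighbor."""
    report = []
    for (asn, name), peer in sorted(parse_neighbors(config).items()):
        state = session_state(summary, peer["address"])
        # Hypothetical policy: a session that is up while capabilities are overridden gets reviewed.
        review = peer["mode"] == "override-capability" and state == "Established"
        report.append((asn, name, peer["mode"], state, peer["families"], review))
    return report
```

Calling audit(CONFIG_OVERRIDE, ROW_OVERRIDE) and audit(CONFIG_STRICT, ROW_STRICT) reproduces the pass and fail conditions of the two tests and lists the address families activated locally for each flagged neighbor.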