Passive
This scenario demonstrates how to configure the passive mode for a BGP neighbor. When passive mode is enabled, the router will not initiate the BGP session, instead it will wait for the remote peer to initiate the connection. The test verifies this by configuring DUT0 and DUT1 with passive (session should NOT establish), then removing passive from DUT0 to allow connection initiation.
Test iBGP - Passive neighbor
Description
Test to check iBGP protocol with passive neighbor. DUT0 and DUT1 are configured with passive mode, so the BGP session should NOT establish. After removing passive from DUT0, the session should establish successfully.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 20 neighbor peer passive set protocols bgp 20 neighbor peer remote-address 10.10.0.200 set protocols bgp 20 neighbor peer remote-as 20 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address 1.1.1.1/24 set interfaces ethernet eth0 address 10.10.0.200/24 set protocols bgp 20 neighbor peer passive set protocols bgp 20 neighbor peer remote-address 10.10.0.100 set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 redistribute connected route-map REDIS set protocols route-map REDIS rule 1 action permit set protocols route-map REDIS rule 1 match interface dum0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
DUT0 and DUT1 are passive, so the BGP session should NOT establish.
Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*ActiveShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 - 4 20 0 0 0 0 0 never Active 0 0 N/A Total number of neighbors 1
Attention
Verify that DUT0 does NOT receive route 1.1.1.0/24 from DUT1
Step 4: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
1.1.1.0/24Show output
No BGP prefixes displayed, 0 exist
Note
After removing passive from DUT0, the session should establish successfully.
Step 5: Modify the following configuration lines in DUT0 :
delete protocols bgp 20 neighbor peer passive
Step 6: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0 BGP table version 1 RIB entries 1, using 128 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 20 4 3 1 0 0 00:00:02 Established 1 0 FRRouting/10.4.1 Total number of neighbors 1
Attention
Verify that DUT0 receives route 1.1.1.0/24 from DUT1
Step 7: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 20 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i 1.1.1.0/24 10.10.0.200 0 100 0 ? Displayed 1 routes and 1 total paths
Test eBGP - Passive neighbor
Description
Test to check eBGP protocol with passive neighbor. DUT0 and DUT1 are configured with passive mode, so the BGP session should NOT establish. After removing passive from DUT0, the session should establish successfully.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.10.0.100/24 set protocols bgp 10 neighbor peer passive set protocols bgp 10 neighbor peer remote-address 10.10.0.200 set protocols bgp 10 neighbor peer remote-as 20 set protocols bgp 10 neighbor peer route-map import PERMIT set protocols route-map PERMIT rule 1 action permit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address 1.1.1.1/24 set interfaces ethernet eth0 address 10.10.0.200/24 set protocols bgp 20 neighbor peer passive set protocols bgp 20 neighbor peer remote-address 10.10.0.100 set protocols bgp 20 neighbor peer remote-as 10 set protocols bgp 20 neighbor peer route-map export PERMIT set protocols bgp 20 redistribute connected route-map REDIS set protocols route-map PERMIT rule 1 action permit set protocols route-map REDIS rule 1 action permit set protocols route-map REDIS rule 1 match interface dum0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Note
DUT0 and DUT1 are passive, so the BGP session should NOT establish.
Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*ActiveShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 - 4 20 0 0 0 0 0 never Active 0 0 N/A Total number of neighbors 1
Attention
Verify that DUT0 does NOT receive route 1.1.1.0/24 from DUT1
Step 4: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:
1.1.1.0/24Show output
No BGP prefixes displayed, 0 exist
Note
After removing passive from DUT0, the session should establish successfully.
Step 5: Modify the following configuration lines in DUT0 :
delete protocols bgp 10 neighbor peer passive
Step 6: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
10.10.0.200.*EstablishedShow output
IPv4 Unicast Summary: BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0 BGP table version 1 RIB entries 1, using 128 bytes of memory Peers 1, using 24 KiB of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 10.10.0.200 10.10.0.100 4 20 4 3 1 0 0 00:00:01 Established 1 (Policy) N/A Total number of neighbors 1
Attention
Verify that DUT0 receives route 1.1.1.0/24 from DUT1
Step 7: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:
1.1.1.0/24Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0 Default local pref 100, local AS 10 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *> 1.1.1.0/24 10.10.0.200 0 0 20 ? Displayed 1 routes and 1 total paths