Disable-Ebgp-Connected-Route-Check

Scenario to verify BGP disable-ebgp-connected-route-check parameter configuration.

By default, eBGP requires the neighbor’s address to be on a directly connected network. The disable-ebgp-connected-route-check global parameter disables this verification for all eBGP neighbors, allowing sessions with peers that are not directly connected, such as loopback-to-loopback peering. Unlike the per-neighbor disable-connected-check, this parameter applies globally to all eBGP sessions.

In this test suite, DUT0 (AS 10) and DUT1 (AS 20) establish an eBGP session using loopback addresses. The first test verifies that the session establishes and routes are exchanged when the parameter is enabled. The second test verifies that without the parameter, the session fails to establish.

Test eBGP - Global disable-ebgp-connected-route-check allows loopback peering

Description

This test verifies that the global disable-ebgp-connected-route-check parameter allows an eBGP session to establish when the neighbor address is not on a directly connected network. DUT0 (AS 10) and DUT1 (AS 20) peer using their loopback addresses instead of the directly connected interface addresses. With the global parameter enabled on both routers, the session establishes successfully and DUT0 receives route 3.3.3.0/24 from DUT1.

Scenario

Note

Configure eBGP with disable-ebgp-connected-route-check as a global parameter. Both DUTs peer using loopback addresses.

Step 1: Set the following configuration in DUT0 :

set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer route-map import PERMIT
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols bgp 10 parameters disable-ebgp-connected-route-check
set protocols route-map PERMIT rule 1 action permit
set protocols static route 2.2.2.1/32 next-hop 10.10.0.200
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces dummy dum0 address 2.2.2.1/32
set interfaces dummy dum1 address 3.3.3.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 1.1.1.1
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map export PERMIT
set protocols bgp 20 neighbor peer update-source 2.2.2.1
set protocols bgp 20 parameters disable-ebgp-connected-route-check
set protocols bgp 20 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set protocols static route 1.1.1.1/32 next-hop 10.10.0.100
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session establishes using loopback addresses (disable-ebgp-connected-route-check enabled globally).

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

2.2.2.1.*Established

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
2.2.2.1         1.1.1.1         4         20         3         4        0    0    0 00:00:00  Established        0 (Policy) N/A

Total number of neighbors 1

Attention

Verify that DUT0 receives route 3.3.3.0/24 from DUT1.

Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

3.3.3.0/24

Show output

BGP table version is 2, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 10
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     2.2.2.1/32       2.2.2.1                  0             0 20 ?
 *u  3.3.3.0/24       2.2.2.1                  0             0 20 ?
 *u  10.10.0.0/24     2.2.2.1                  0             0 20 ?

Displayed 3 routes and 3 total paths

---

Test eBGP - Session fails without disable-ebgp-connected-route-check on non-connected peer

Description

This test verifies that without disable-ebgp-connected-route-check, the eBGP session fails to establish when the neighbor address is not on a directly connected network. Both DUT0 and DUT1 try to peer using loopback addresses but without the global parameter and without static routes to reach each other’s loopbacks, the connected route check fails and the session does not establish. DUT0 does not receive any routes from DUT1.

Scenario

Note

Configure eBGP without disable-ebgp-connected-route-check and without static routes. Session should fail.

Step 1: Set the following configuration in DUT0 :

set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer remote-as 20
set protocols bgp 10 neighbor peer route-map import PERMIT
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces dummy dum0 address 2.2.2.1/32
set interfaces dummy dum1 address 3.3.3.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 1.1.1.1
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map export PERMIT
set protocols bgp 20 neighbor peer update-source 2.2.2.1
set protocols bgp 20 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session does NOT establish without disable-ebgp-connected-route-check.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output does not match the following regular expressions:

2.2.2.1.*Established

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
2.2.2.1         -               4         20         0         0        0    0    0    never       Active        0        0 N/A

Total number of neighbors 1

Attention

Verify that DUT0 does NOT have route 3.3.3.0/24 because session is not established.

Step 4: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:

3.3.3.0/24

Show output

No BGP prefixes displayed, 0 exist

---