Capability
Scenario to verify BGP peer-group address-family ipv6-unicast capability orf inheritance. The orf prefix-list option enables Outbound Route Filtering, which allows a router to send its inbound prefix-list filters to a neighbor so the neighbor can apply them as outbound filters. This reduces bandwidth and processing overhead by filtering unwanted routes at the source. When configured on a peer-group under address-family ipv6-unicast, members inherit the ORF capability for IPv6 routes.
Test iBGP IPv6 - Without ORF receives all routes
Description
Baseline test without ORF. DUT1 advertises two networks (2001:db8:10::/64 and 2001:db8:20::/64) and DUT0 receives both. This serves as a comparison point for the ORF test.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer peer-group MYGROUP set protocols bgp 20 neighbor peer remote-address '2001:db8:1::200' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.100 set protocols bgp 20 peer-group MYGROUP remote-as 20 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:10::1/64' set interfaces dummy dum1 address '2001:db8:20::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 20 address-family ipv6-unicast redistribute connected set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.200 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes.
Step 3: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 20 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Peer groups 1, using 64 bytes of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 20 3 5 0 0 0 00:00:01 Established 0 0 FRRouting/10.4.1 Total number of neighbors 1
Attention
Verify DUT0 receives both routes from DUT1 (no filtering).
Step 4: Run command protocols bgp show ipv6 at DUT0 and check if output matches the following regular expressions:
2001:db8:10::/64[\s\S]*2001:db8:20::/64Show output
BGP table version is 3, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 20 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i 2001:db8:1::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? *>i 2001:db8:10::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? *>i 2001:db8:20::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? Displayed 3 routes and 3 total paths
Test iBGP IPv6 - Peer-group capability ORF prefix-list filters routes at source
Description
Test BGP capability orf prefix-list configured on a peer-group under address-family
ipv6-unicast. DUT0 is configured with ORF send mode via peer-group and has a prefix-list
that only permits 2001:db8:10::/64. DUT1 receives the filter and only sends 2001:db8:10::/64,
filtering 2001:db8:20::/64 at source.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address '2001:db8:1::100/64' set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer address-family ipv6-unicast prefix-list import ALLOW-NET1 set protocols bgp 20 neighbor peer peer-group MYGROUP set protocols bgp 20 neighbor peer remote-address '2001:db8:1::200' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.100 set protocols bgp 20 peer-group MYGROUP address-family ipv6-unicast capability orf prefix-list send set protocols bgp 20 peer-group MYGROUP remote-as 20 set protocols ipv6 prefix-list ALLOW-NET1 rule 1 action permit set protocols ipv6 prefix-list ALLOW-NET1 rule 1 prefix '2001:db8:10::/64' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces dummy dum0 address '2001:db8:10::1/64' set interfaces dummy dum1 address '2001:db8:20::1/64' set interfaces ethernet eth0 address '2001:db8:1::200/64' set protocols bgp 20 address-family ipv6-unicast redistribute connected set protocols bgp 20 neighbor peer address-family ipv6-unicast activate set protocols bgp 20 neighbor peer address-family ipv6-unicast capability orf prefix-list receive set protocols bgp 20 neighbor peer remote-address '2001:db8:1::100' set protocols bgp 20 neighbor peer remote-as 20 set protocols bgp 20 parameters router-id 1.1.1.200 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify iBGP session establishes with ORF capability.
Step 3: Run command protocols bgp show ipv6 summary at DUT0 and check if output matches the following regular expressions:
2001:db8:1::200.*EstablishedShow output
IPv6 Unicast Summary: BGP router identifier 1.1.1.100, local AS number 20 VRF default vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 24 KiB of memory Peer groups 1, using 64 bytes of memory Neighbor LocalAddr V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State PfxRcd PfxSnt Desc 2001:db8:1::200 0.0.0.0 4 20 2 3 0 0 0 00:00:00 Established 0 0 FRRouting/10.4.1 Total number of neighbors 1
Attention
Verify ORF prefix-list capability is negotiated between peers.
Step 4: Run command protocols bgp show ipv6 neighbors at DUT0 and check if output matches the following regular expressions:
Outbound Route Filter \(ORF\): sentShow output
BGP neighbor is 2001:db8:1::200, remote AS 20, local AS 20, internal link Local Role: undefined Remote Role: undefined Hostname: osdx Member of peer-group MYGROUP for session parameters BGP version 4, remote router ID 1.1.1.200, local router ID 1.1.1.100 BGP state = Established, up for 00:00:00 Last read 00:00:04, Last write 00:00:00 Hold time is 90 seconds, keepalive interval is 30 seconds Configured hold time is 90 seconds, keepalive interval is 30 seconds Configured tcp-mss is 0, synced tcp-mss is 1428 Configured conditional advertisements interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised and received IPv6 Unicast: RX advertised and received Paths-Limit: IPv4 Unicast: advertised (0) and received (0) IPv6 Unicast: advertised (0) and received (0) Long-lived Graceful Restart: advertised and received Address families by peer: Route refresh: advertised and received Enhanced Route Refresh: advertised and received Address Family IPv4 Unicast: advertised and received Address Family IPv6 Unicast: advertised and received Hostname Capability: advertised (name: osdx,domain name: n/a) received (name: osdx,domain name: n/a) Version Capability: advertised software version (FRRouting/10.4.1) received software version (FRRouting/10.4.1) Link-Local Next Hop Capability: not advertised not received Graceful Restart Capability: advertised and received Remote Restart timer is 120 seconds Address families by peer: none Graceful restart information: End-of-RIB send: End-of-RIB received: Local GR Mode: Helper* Remote GR Mode: Helper R bit: True N bit: True Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 120 Configured LLGR Stale Path Time(sec): 0 IPv4 Unicast: F bit: False End-of-RIB sent: No End-of-RIB sent after update: No End-of-RIB received: No Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 IPv6 Unicast: F bit: False End-of-RIB sent: No End-of-RIB sent after update: No End-of-RIB received: No Timers: Configured Stale Path Time(sec): 360 LLGR Stale Path Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 1 1 Notifications: 0 0 Updates: 0 0 Keepalives: 1 1 Route Refresh: 1 0 Capability: 0 0 Total: 3 2 Prefix statistics: Inbound filtered: 0 AS-PATH loop: 0 Originator loop: 0 Cluster loop: 0 Invalid next-hop: 0 Withdrawn: 0 Attributes discarded: 0 Minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast MYGROUP peer-group member Update group 1, subgroup 1 Packet Queue length 0 Community attribute sent to this neighbor(all) 0 accepted, 0 sent prefixes For address family: IPv6 Unicast MYGROUP peer-group member Update group 2, subgroup 2 Packet Queue length 0 AF-dependant capabilities: Outbound Route Filter (ORF) type (64) Prefix-list: Send-mode: advertised Receive-mode: received Outbound Route Filter (ORF): sent; Community attribute sent to this neighbor(all) Inbound path policy configured Incoming update prefix filter list is *ALLOW-NET1 0 accepted, 0 sent prefixes Connections established 1; dropped 0 Last reset never Internal BGP neighbor may be up to 255 hops away. Local host: 2001:db8:1::100, Local port: 179 Foreign host: 2001:db8:1::200, Foreign port: 44960 Nexthop: 1.1.1.100 Nexthop global: 2001:db8:1::100 Nexthop local: fe80::dcad:beff:feef:6c00 BGP connection: shared network BGP Connect Retry Timer in Seconds: 30 Estimated round trip time: 0 ms Read thread: on Write thread: on FD used: 25
Attention
Verify DUT0 receives the permitted route 2001:db8:10::/64.
Step 5: Run command protocols bgp show ipv6 at DUT0 and check if output matches the following regular expressions:
2001:db8:10::/64Show output
BGP table version is 1, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 20 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i 2001:db8:10::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? Displayed 1 routes and 1 total paths
Attention
Verify DUT0 does NOT receive 2001:db8:20::/64 because ORF filters it at DUT1.
Step 6: Run command protocols bgp show ipv6 at DUT0 and check if output does not match the following regular expressions:
2001:db8:20::/64Show output
BGP table version is 1, local router ID is 1.1.1.100, vrf id 0 Default local pref 100, local AS 20 local address - Status codes: s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i 2001:db8:10::/64 fe80::dcad:beff:feef:6c10 0 100 0 ? Displayed 1 routes and 1 total paths