Disable-Connected-Check

Scenario to verify BGP peer-group disable-connected-check inheritance. When disable-connected-check is configured on a peer-group, members can establish eBGP sessions with non-directly connected peers (loopback peering).

Test eBGP - Peer-group disable-connected-check allows loopback peering

Description

Test that disable-connected-check configured on a peer-group allows eBGP sessions with non-directly connected peers. DUT0 and DUT1 peer using loopback addresses instead of directly connected interface addresses.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer peer-group MYGROUP
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols bgp 10 peer-group MYGROUP disable-connected-check
set protocols bgp 10 peer-group MYGROUP remote-as 20
set protocols bgp 10 peer-group MYGROUP route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set protocols static route 2.2.2.1/32 next-hop 10.10.0.200
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces dummy dum0 address 2.2.2.1/32
set interfaces dummy dum1 address 3.3.3.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer disable-connected-check
set protocols bgp 20 neighbor peer remote-address 1.1.1.1
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map export PERMIT
set protocols bgp 20 neighbor peer update-source 2.2.2.1
set protocols bgp 20 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set protocols static route 1.1.1.1/32 next-hop 10.10.0.100
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session establishes using loopback addresses.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

2.2.2.1.*Established
Output:
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
2.2.2.1         1.1.1.1         4         20         2         3        0    0    0 00:00:00  Established        0 (Policy) N/A

Total number of neighbors 1

Attention

Verify DUT0 receives route 3.3.3.0/24 from DUT1.

Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

3.3.3.0/24
Output:
BGP table version is 2, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 10
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     2.2.2.1/32       2.2.2.1                  0             0 20 ?
 *u  3.3.3.0/24       2.2.2.1                  0             0 20 ?
 *u  10.10.0.0/24     2.2.2.1                  0             0 20 ?

Displayed 3 routes and 3 total paths
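
The pattern in Step 3 is unanchored and its dots match any character, so in a table with several neighbors it can also match a row for a different peer. The following Python is an added example, not part of the original test suite: it reads the State column for one exact neighbor address and the status codes for each prefix. The function names and the second summary table are constructed for illustration.

```python
import ipaddress
import re

PAGE_REGEX = r"2.2.2.1.*Established"   # pattern used in Step 3
HEADER = ("Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer"
          "  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc\n")
# Row copied from the Step 3 output above.
SUMMARY = HEADER + "2.2.2.1         1.1.1.1         4         20         2         3        0    0    0 00:00:00  Established        0 (Policy) N/A\n"
# Constructed: a different neighbor (2.2.2.10) is up while 2.2.2.1 is not.
OTHER_PEER_UP = HEADER + (
    "2.2.2.10        1.1.1.1         4         20         2         3        0    0    0 00:00:05  Established        0 (Policy) N/A\n"
    "2.2.2.1         -               4         20         0         0        0    0    0    never       Active        0        0 N/A\n")
# Rows copied from the Step 4 output above.
TABLE = """\
     Network          Next Hop            Metric LocPrf Weight Path
     2.2.2.1/32       2.2.2.1                  0             0 20 ?
 *u  3.3.3.0/24       2.2.2.1                  0             0 20 ?
 *u  10.10.0.0/24     2.2.2.1                  0             0 20 ?
"""

def neighbor_states(summary):
    """Map each neighbor address in a summary table to its State column."""
    lines = summary.splitlines()
    col = next(l for l in lines if l.startswith("Neighbor")).split().index("State")
    states = {}
    for fields in map(str.split, lines):
        try:
            states[str(ipaddress.ip_address(fields[0]))] = fields[col]
        except (IndexError, ValueError):
            continue  # header, blank or non-neighbor line
    return states

def session_established(summary, neighbor):
    return neighbor_states(summary).get(neighbor) == "Established"

def page_regex_matches(summary):
    return re.search(PAGE_REGEX, summary) is not None

def bgp_prefixes(table):
    """Map each prefix in a BGP table to its status codes ('' when it has none)."""
    routes = {}
    for line in table.splitlines():
        m = re.match(r"\s*(\S*?)\s*(\d+\.\d+\.\d+\.\d+/\d+)\s", line)
        if m:
            routes[m.group(2)] = m.group(1)
    return routes
```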

Test eBGP - Session fails without disable-connected-check on non-connected peer

Description

Test that without disable-connected-check on the peer-group, the eBGP session fails to establish when the neighbor address is not on a directly connected network. Both DUT0 and DUT1 try to peer using loopback addresses, but without disable-connected-check and without static routes the session does not establish.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer peer-group MYGROUP
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols bgp 10 peer-group MYGROUP remote-as 20
set protocols bgp 10 peer-group MYGROUP route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces dummy dum0 address 2.2.2.1/32
set interfaces dummy dum1 address 3.3.3.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 1.1.1.1
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map export PERMIT
set protocols bgp 20 neighbor peer update-source 2.2.2.1
set protocols bgp 20 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP session does NOT establish without disable-connected-check.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output does not match the following regular expressions:

2.2.2.1.*Established
Output:
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
2.2.2.1         -               4         20         0         0        0    0    0    never       Active        0        0 N/A

Total number of neighbors 1

Attention

Verify DUT0 does NOT have route 3.3.3.0/24.

Step 4: Run command protocols bgp show ip at DUT0 and check if output does not match the following regular expressions:

3.3.3.0/24
Output:
No BGP prefixes displayed, 0 exist
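
The inheritance that both scenarios exercise can also be checked from the configuration alone, which is useful when reviewing which eBGP neighbors have the connected check relaxed through a peer-group. The following Python is an added example, not part of the original test suite: the function audit and its report keys are hypothetical, the precedence of neighbor settings over group settings is an assumption, and it models only the connected check, not route reachability (the second scenario also omits the static routes).

```python
import ipaddress

# DUT0 lines from this page relevant to the check (first scenario adds the last line).
BASE = """\
set interfaces dummy dum0 address 1.1.1.1/32
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer peer-group MYGROUP
set protocols bgp 10 neighbor peer remote-address 2.2.2.1
set protocols bgp 10 neighbor peer update-source 1.1.1.1
set protocols bgp 10 peer-group MYGROUP remote-as 20
"""
WITH_FLAG = BASE + "set protocols bgp 10 peer-group MYGROUP disable-connected-check\n"

def audit(config):
    """Return {neighbor: facts} for each BGP neighbor in a block of set commands."""
    connected, local_as = [], None
    objs = {"neighbor": {}, "peer-group": {}}
    for w in map(str.split, config.splitlines()):
        if w[:2] == ["set", "interfaces"] and "address" in w:
            connected.append(ipaddress.ip_interface(w[-1]).network)
        elif w[:3] == ["set", "protocols", "bgp"] and len(w) > 6 and w[4] in objs:
            local_as = w[3]
            # A bare keyword such as disable-connected-check is stored as True.
            objs[w[4]].setdefault(w[5], {})[w[6]] = w[7] if len(w) > 7 else True
    report = {}
    for name, nbr in objs["neighbor"].items():
        group = objs["peer-group"].get(nbr.get("peer-group"), {})
        eff = {**group, **nbr}  # assumption: a neighbor's own setting wins over the group's
        addr = ipaddress.ip_address(eff["remote-address"])
        on_link = any(addr in net for net in connected)
        disabled = eff.get("disable-connected-check") is True
        ebgp = eff.get("remote-as") != local_as
        report[name] = {
            "ebgp": ebgp,
            "directly_connected": on_link,
            "check_disabled": disabled,
            "inherited_from_group": disabled and "disable-connected-check" not in nbr,
            "blocked_by_connected_check": ebgp and not on_link and not disabled,
        }
    return report
```

Calling audit(WITH_FLAG) reports the neighbor as having the check disabled by inheritance from MYGROUP, while audit(BASE) reports it as blocked by the connected check.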