Nexthop-Self

Scenario to verify BGP peer-group nexthop-self inheritance. When nexthop-self is configured on a peer-group, routes reflected to members have the next-hop changed to the reflector’s address instead of keeping the original next-hop.

../../../../_images/nexthop-self2.svg

Test iBGP - Without nexthop-self reflected route has unreachable next-hop

Description

Test that without nexthop-self on the peer-group, routes reflected to DUT2 keep the original next-hop (DUT1: 10.10.0.200). Since DUT2 has no route to 10.10.0.0/24, the next-hop is inaccessible and the route is not usable.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set interfaces ethernet eth1 address 20.20.0.100/24
set protocols bgp 20 neighbor dut1 remote-address 10.10.0.200
set protocols bgp 20 neighbor dut1 remote-as 200
set protocols bgp 20 neighbor dut1 route-map import PERMIT
set protocols bgp 20 neighbor dut2 peer-group CLIENTS
set protocols bgp 20 neighbor dut2 remote-address 20.20.0.200
set protocols bgp 20 neighbor dut2 remote-as 20
set protocols bgp 20 peer-group CLIENTS remote-as 20
set protocols bgp 20 peer-group CLIENTS route-reflector-client
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 20
set protocols bgp 200 neighbor peer route-map export PERMIT
set protocols bgp 200 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 20.20.0.200/24
set protocols bgp 20 neighbor rr remote-address 20.20.0.100
set protocols bgp 20 neighbor rr remote-as 20
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP and iBGP sessions establish on DUT0.

Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

20.20.0.200.*Established[\s\S]*10.10.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 20.20.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 2, using 47 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
20.20.0.200     20.20.0.100     4         20         3         4        1    0    0 00:00:01  Established        0        1 FRRouting/10.4.1
10.10.0.200     10.10.0.100     4        200         4         3        1    0    0 00:00:03  Established        1 (Policy) N/A

Total number of neighbors 2

Note

DUT2 receives the route but next-hop 10.10.0.200 is inaccessible (not installed in RIB).

Step 5: Run command protocols bgp show ip 10.10.0.0/24 at DUT2 and check if output matches the following regular expressions:

10.10.0.200 \(inaccessible
Show output
BGP routing table entry for 10.10.0.0/24, version 0
Paths: (1 available, no best path)
  Not advertised to any peer
  200
    10.10.0.200 (inaccessible, import-check enabled) from 20.20.0.100 (20.20.0.100)
      Origin incomplete, metric 0, localpref 100, invalid, internal
      Last update: Thu Mar  5 15:46:20 2026

Test iBGP - Peer-group nexthop-self changes next-hop on reflected routes

Description

Test that nexthop-self configured on a peer-group changes the next-hop of reflected routes to DUT0’s own address. DUT1 (eBGP) announces 10.10.0.0/24 to DUT0 (RR). DUT0 reflects it to DUT2 (iBGP client in peer-group CLIENTS). With nexthop-self, DUT2 sees DUT0 (20.20.0.100) as next-hop instead of DUT1 (10.10.0.200).

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set interfaces ethernet eth1 address 20.20.0.100/24
set protocols bgp 20 neighbor dut1 remote-address 10.10.0.200
set protocols bgp 20 neighbor dut1 remote-as 200
set protocols bgp 20 neighbor dut1 route-map import PERMIT
set protocols bgp 20 neighbor dut2 peer-group CLIENTS
set protocols bgp 20 neighbor dut2 remote-address 20.20.0.200
set protocols bgp 20 neighbor dut2 remote-as 20
set protocols bgp 20 peer-group CLIENTS nexthop-self
set protocols bgp 20 peer-group CLIENTS remote-as 20
set protocols bgp 20 peer-group CLIENTS route-reflector-client
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 20
set protocols bgp 200 neighbor peer route-map export PERMIT
set protocols bgp 200 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 20.20.0.200/24
set protocols bgp 20 neighbor rr remote-address 20.20.0.100
set protocols bgp 20 neighbor rr remote-as 20
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify eBGP and iBGP sessions establish on DUT0.

Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

20.20.0.200.*Established[\s\S]*10.10.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 20.20.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 2, using 47 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
20.20.0.200     20.20.0.100     4         20         3         4        1    0    0 00:00:01  Established        0        1 FRRouting/10.4.1
10.10.0.200     10.10.0.100     4        200         4         3        1    0    0 00:00:03  Established        1 (Policy) N/A

Total number of neighbors 2

Attention

Verify DUT2 receives route 10.10.0.0/24 with next-hop as DUT0 (nexthop-self).

Step 5: Run command protocols bgp show ip 10.10.0.0/24 at DUT2 and check if output matches the following regular expressions:

20.20.0.100 from 20.20.0.100
Show output
BGP routing table entry for 10.10.0.0/24, version 1
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  200
    20.20.0.100 from 20.20.0.100 (20.20.0.100)
      Origin incomplete, metric 0, localpref 100, valid, internal, best (First path received)
      Last update: Thu Mar  5 15:46:33 2026