Passive

Scenario to verify BGP peer-group passive inheritance. When passive is configured on a peer-group, neighbors that are members do not initiate BGP sessions and wait for the remote peer to connect.

Test iBGP - Peer-group passive prevents session initiation

Description

Test that passive configured on a peer-group is inherited by its members. Both DUT0 (via peer-group) and DUT1 are passive, so no session establishes. After removing passive from DUT1, the session establishes because DUT1 initiates.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer peer-group MYGROUP
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 peer-group MYGROUP passive
set protocols bgp 20 peer-group MYGROUP remote-as 20
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer passive
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute connected
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Note

Both peers are passive, session should NOT establish.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Active

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     -               4         20         0         0        0    0    0    never       Active        0        0 N/A

Total number of neighbors 1

Note

Remove passive from DUT1 so it can initiate the session.

Step 4: Modify the following configuration lines in DUT1 :

delete protocols bgp 20 neighbor peer passive

Step 5: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         4         3        1    0    0 00:00:02  Established        1        0 FRRouting/10.4.1

Total number of neighbors 1

Attention

Verify DUT0 receives route 10.10.0.0/24 from DUT1.

Step 6: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

10.10.0.0/24

Show output

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *ui 10.10.0.0/24     10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths

---

Test eBGP - Peer-group passive prevents session initiation

Description

Test that passive configured on a peer-group is inherited by its members in eBGP. Both DUT0 (via peer-group) and DUT1 are passive, so no session establishes. After removing passive from DUT1, the session establishes because DUT1 initiates.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor peer peer-group MYGROUP
set protocols bgp 10 neighbor peer remote-address 10.10.0.200
set protocols bgp 10 peer-group MYGROUP passive
set protocols bgp 10 peer-group MYGROUP remote-as 20
set protocols bgp 10 peer-group MYGROUP route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer passive
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 10
set protocols bgp 20 neighbor peer route-map export PERMIT
set protocols bgp 20 redistribute connected
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Note

Both peers are passive, session should NOT establish.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Active

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     -               4         20         0         0        0    0    0    never       Active        0        0 N/A

Total number of neighbors 1

Note

Remove passive from DUT1 so it can initiate the session.

Step 4: Modify the following configuration lines in DUT1 :

delete protocols bgp 20 neighbor peer passive

Step 5: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 1
RIB entries 1, using 128 bytes of memory
Peers 1, using 24 KiB of memory
Peer groups 1, using 64 bytes of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         4         3        1    0    0 00:00:02  Established        1 (Policy) N/A

Total number of neighbors 1

Attention

Verify DUT0 receives route 10.10.0.0/24 from DUT1.

Step 6: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

10.10.0.0/24

Show output

BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 10
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *u  10.10.0.0/24     10.10.0.200              0             0 20 ?

Displayed 1 routes and 1 total paths

---