Implementing BGP on Cisco IOS XR Software
Information About Implementing BGP on Cisco IOS XR Software
RC-4
Cisco IOS XR Routing Configuration Guide
–
512K (524,288) prefixes for IPv4 unicast.
–
128K (131,072) prefixes for IPv4 multicast.
–
128K (131,072) prefixes for IPv6 unicast.
A cease notification message is sent to the neighbor and the peering with the neighbor is terminated
when the number of prefixes received from the peer for a given address family exceeds the maximum
limit (either set by default or configured by the user) for that address family.
It is possible that the maximum number of prefixes for a neighbor for a given address family has been
configured after the peering with the neighbor has been established and a certain number of prefixes have
already been received from the neighbor for that address family. A cease notification message is sent to
the neighbor and peering with the neighbor is terminated immediately after the configuration if the
configured maximum number of prefixes is fewer than the number of prefixes that have already been
received from the neighbor for the address family.
BGP Validation of Local Next-Hop Addresses
When Cisco IOS XR BGP receives a route advertisement from a neighbor, it validates the next-hop
address contained in the route by verifying that the next-hop address is not the same as an IP address
assigned to an interface on this router (for example, a local address). If the received next-hop address is
a local address, the update is dropped. However, if the next-hop address is set to a local address by the
configured inbound policy, the update is not dropped, is treated as a valid next-hop address, and is
processed normally in Cisco IOS XR BGP. This verification means that the router advertises to its
neighbors that it has a route to the prefix, but any traffic received for that prefix is dropped.
This “blackholing” effect is often used to automatically protect against Denial of Service (DOS) attacks
on user hosts. An inbound policy is configured that sets the next hop to a local address (for example, the
address of a loopback interface) when a route with a particular community is received. When a user finds
that a host is under a DOS attack, a BGP advertisement is sent to the address of the attacked host with
the special community attached. The advertisement causes the Internet service provider (ISP) router to
install a route with a local next hop for that address that drops all traffic destined for it.
BGP Configuration
Cisco IOS XR BGP follows a neighbor-based configuration model that requires that all configurations
for a particular neighbor be grouped in one place under the neighbor configuration. Peer groups are not
supported for either sharing configuration between neighbors or for sharing update messages. The
concept of peer group has been replaced by a set of configuration groups to be used as templates in BGP
configuration and automatically generated update groups to share update messages between neighbors.
BGP configurations are grouped into four major categories:
–
Router Configuration Mode
–
Global Address Family Configuration Mode
–
Neighbor Configuration Mode
–
Neighbor Address Family Configuration Mode
Configuration Modes
The following sections show how to enter each of the configuration modes. From a mode, you can enter
the ? command to display the commands available in that mode.