Example: Configuring BGP Confederations

This example shows how to configure BGP confederations.

Requirements

Before you begin:

  1. Configure network interfaces. See the Junos OS Interfaces Configuration Guide for Security Devices.
  2. Configure security filters. See the Junos OS Security Configuration Guide.
  3. Configure point-to-point peering sessions. See Example: Configuring BGP Point-to-Point Peer Sessions.
  4. Configure IBGP sessions between peers. See Example: Configuring Internal BGP Peering Sessions.
  5. Configure a routing policy to advertise the BGP routes.

Overview

In this example, you configure BGP confederations. A BGP confederation is another way to solve the scaling problems created by the BGP full mesh requirement. BGP confederations effectively break up a large autonomous system (AS) into sub-autonomous systems (sub-ASs). Each sub-AS must be uniquely identified within the confederation AS by a sub-AS number. Typically, sub-AS numbers are taken from the private AS numbers between 64,512 and 65,535. Within a sub-AS, the same internal BGP (IBGP) full mesh requirement exists. Connections to other confederations are made with standard external BGP (EBGP), and peers outside the sub-AS are treated as external. To avoid routing loops, a sub-AS uses a confederation sequence, which operates like an AS path but uses only the privately assigned sub-AS numbers.

Figure 1 shows a sample network in which AS 17 has two separate confederations, sub-AS 64512 and sub-AS 64513, each of which has multiple routers. Within a sub-AS, an IGP is used to establish network connectivity with internal peers. Between sub-ASs, an external BGP peering session is established.
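
The loop avoidance described in the overview can be modeled in a few lines. The following Python sketch is an added illustration, not Juniper code: AS 17 and sub-AS 64512/64513 come from this example, while the function names, the two-list path model, and the external neighbor AS 200 are assumptions.

```python
# Added illustration: simplified model of confederation loop avoidance.
# AS 17 and sub-AS 64512/64513 are from the page; the function names and
# the neighbor AS 200 are hypothetical.
CONFED_ID = 17
MEMBERS = {64512, 64513}


def receive(local_sub_as, confed_seq, as_seq):
    """Return True if a router in local_sub_as accepts the route."""
    # Our own sub-AS in the confederation sequence means the route has
    # already passed through this sub-AS: reject it as a loop.
    if local_sub_as in confed_seq:
        return False
    # Ordinary AS-path check against the public confederation AS number.
    return CONFED_ID not in as_seq


def advertise(local_sub_as, peer_as, confed_seq, as_seq):
    """Return (confed_seq, as_seq) as sent to a peer in peer_as."""
    if peer_as == local_sub_as:
        # IBGP inside the sub-AS: the path is passed on unchanged.
        return list(confed_seq), list(as_seq)
    if peer_as in MEMBERS:
        # Crossing to another sub-AS: prepend our sub-AS number to the
        # confederation sequence; the regular AS path is untouched.
        return [local_sub_as] + list(confed_seq), list(as_seq)
    # Leaving the confederation: drop the private sub-AS numbers and
    # prepend the confederation AS, so outsiders see only AS 17.
    return [], [CONFED_ID] + list(as_seq)


def demo():
    # Constructed scenario: a route originated in sub-AS 64512.
    to_64513 = advertise(64512, 64513, [], [])
    # 64513 sends it back toward 64512, which must reject it.
    back = advertise(64513, 64512, *to_64513)
    # 64513 also sends it to an external neighbor, AS 200.
    external = advertise(64513, 200, *to_64513)
    return {
        "to_64513": to_64513,
        "accepted_by_64513": receive(64513, *to_64513),
        "back": back,
        "accepted_by_64512": receive(64512, *back),
        "external": external,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The private sub-AS numbers never appear in the path sent to AS 200, which is why they can be reused by other organizations without conflict.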

Figure 34: Typical Network Using BGP Confederations


Configuration

CLI Quick Configuration

To quickly configure BGP confederations, copy the following commands and paste them into the CLI:

[edit]
set routing-options autonomous-system 64512
set routing-options confederation 17 members 64512
set routing-options confederation 17 members 64513

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure BGP confederations:

  1. Configure the routing options.
    [edit]
    user@host# edit routing-options
  2. Set the AS number.
    [edit routing-options]
    user@host# set autonomous-system 64512
  3. Define the confederation.
    [edit routing-options]
    user@host# edit confederation
  4. Set the confederation number.
    [edit routing-options confederation]
    user@host# set 17
  5. Add the sub-ASs as members of the confederation.
    [edit routing-options confederation]
    user@host# set 17 members 64512
    user@host# set 17 members 64513

Results

From configuration mode, confirm your configuration by entering the show routing-options confederation command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]
user@host# show routing-options confederation
17 members [ 64512 64513 ];
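
Before committing, the same statements can be checked offline for the mistakes that most often break a confederation. The following Python script is an added example, not part of Junos OS or of the original page; it assumes the configuration is available in set-command form, that the local sub-AS must appear in the member list (as it does in this example), and it includes a constructed faulty configuration for comparison.

```python
PRIVATE_AS = range(64512, 65536)  # private range quoted in the Overview

# The configuration from this example, in set-command form.
PAGE_CONFIG = """\
set routing-options autonomous-system 64512
set routing-options confederation 17 members 64512
set routing-options confederation 17 members 64513
"""
# Constructed faulty variant: local AS missing from members, public member.
BAD_CONFIG = """\
set routing-options autonomous-system 64514
set routing-options confederation 17 members 64512
set routing-options confederation 17 members 100
"""


def parse(text):
    """Return (local_as, {confederation_as: [member, ...]})."""
    local_as, confed = None, {}
    for line in text.splitlines():
        words = line.split()
        if words[:3] == ["set", "routing-options", "autonomous-system"] \
                and len(words) == 4:
            local_as = int(words[3])
        elif words[:3] == ["set", "routing-options", "confederation"] \
                and len(words) == 6 and words[4] == "members":
            confed.setdefault(int(words[3]), []).append(int(words[5]))
    return local_as, confed


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    local_as, confed = parse(text)
    if local_as is None or len(confed) != 1:
        return ["need one autonomous-system and one confederation statement"]
    (confed_as, members), = confed.items()
    findings = []
    if local_as not in members:
        findings.append(f"local AS {local_as} is not a confederation member")
    if confed_as in members:
        findings.append(f"confederation AS {confed_as} listed as its own member")
    for asn in sorted(set(members)):
        if asn not in PRIVATE_AS:
            findings.append(f"member {asn} is outside 64512-65535")
    return findings


if __name__ == "__main__":
    print(audit(PAGE_CONFIG))
    print(audit(BAD_CONFIG))
```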

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying BGP Neighbors

Purpose

Verify that BGP is running on configured interfaces and that the BGP session is active for each neighbor address.

Action

From operational mode, enter the show bgp neighbor command.


user@host> show bgp neighbor
Peer: 10.255.245.12+179 AS 35  Local: 10.255.245.13+2884 AS 35
  Type: Internal    State: Established  (route reflector client)Flags: Sync
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Options: Preference LocalAddress HoldTime Cluster AddressFamily Rib-group Refresh
  Address families configured: inet-vpn-unicast inet-labeled-unicast
  Local Address: 10.255.245.13 Holdtime: 90 Preference: 170
  Flags for NLRI inet-vpn-unicast: AggregateLabel
  Flags for NLRI inet-labeled-unicast: AggregateLabel
  Number of flaps: 0
  Peer ID: 10.255.245.12    Local ID: 10.255.245.13    Active Holdtime: 90
  Keepalive Interval: 30
  NLRI advertised by peer: inet-vpn-unicast inet-labeled-unicast
  NLRI for this session: inet-vpn-unicast inet-labeled-unicast
  Peer supports Refresh capability (2)
  Restart time configured on the peer: 300
  Stale routes from peer are kept for: 60
  Restart time requested by this peer: 300
  NLRI that peer supports restart for: inet-unicast inet6-unicast
  NLRI that restart is negotiated for: inet-unicast inet6-unicast
  NLRI of received end-of-rib markers: inet-unicast inet6-unicast
  NLRI of all end-of-rib markers sent: inet-unicast inet6-unicast
  Table inet.0 Bit: 10000
    RIB State: restart is complete
    Send state: in sync
    Active prefixes: 4
    Received prefixes: 6
    Suppressed due to damping: 0
  Table inet6.0 Bit: 20000
    RIB State: restart is complete
    Send state: in sync
    Active prefixes: 0
    Received prefixes: 2
    Suppressed due to damping: 0
  Last traffic (seconds): Received 3    Sent 3    Checked 3
  Input messages:  Total 9      Updates 6       Refreshes 0     Octets 403
  Output messages: Total 7      Updates 3       Refreshes 0     Octets 365
  Output Queue[0]: 0
  Output Queue[1]: 0
  Trace options: detail packets
  Trace file: /var/log/bgpgr size 131072 files 10

Meaning

The output shows a list of the BGP neighbors with detailed session information. Verify the following information:

Verifying BGP Groups

Purpose

Verify that the BGP groups are configured correctly.


Action

From operational mode, enter the show bgp group command.

user@host> show bgp group
Group Type: Internal    AS: 10045       Local AS: 10045
  Name: pe-to-asbr2                                     Flags: Export Eval
  Export: [ match-all ]
  Total peers: 1        Established: 1
  10.0.0.4+179
  bgp.l3vpn.0: 1/1/0
  vpn-green.inet.0: 1/1/0

Groups: 1   Peers: 1    External: 0    Internal: 1    Down peers: 0   Flaps: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
bgp.l3vpn.0            1          1          0          0          0          0

Meaning

The output shows a list of the BGP groups with detailed group information. Verify the following information:

Verifying BGP Summary Information

Purpose

Verify that the BGP configuration is correct.

Action

From operational mode, enter the show bgp summary command.


user@host> show bgp summary
Groups: 1 Peers: 3 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                 6          4          0          0          0          0
Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Damped...
10.0.0.2        65002      88675      88652       0       2       42:38 2/4/0                0/0/0
10.0.0.3        65002      54528      54532       0       1     2w4d22h 0/0/0                0/0/0
10.0.0.4        65002      51597      51584       0       0     2w3d22h 2/2/0                0/0/0

Meaning

The output shows a summary of BGP session information. Verify the following information:

Verifying Reachability of All Peers in a BGP Network

Purpose

By using the ping tool on each peer address in the network, verify that all peers in the network are reachable from each device.

Action

For each device in the BGP network:

  1. In the J-Web interface, select Troubleshoot>Ping Host.
  2. In the Remote Host box, type the name of a host for which you want to verify reachability from the device.
  3. Click Start. Output appears on a separate page.
PING 10.10.10.10 : 56 data bytes
64 bytes from 10.10.10.10: icmp_seq=0 ttl=255 time=0.382 ms
64 bytes from 10.10.10.10: icmp_seq=1 ttl=255 time=0.266 ms

Meaning

If a host is active, it generates an ICMP response. If this response is received, the round-trip time is listed in the time field.
