Let’s talk about AF-Groups, Session-Groups and Neighbor-Groups

After the spin round the block with IOS-XE ‘scaled configuration’ features, this is the accompanying IOS-XR version. First thing first we need to create the ‘long-hand’ version that we used on XE but for XR. The config on XR changes so I’ll notate where appropriate.

router bgp 1000
 address-family ipv4 unicast      <<< ENABLE IPV4 
  redistribute connected          <<< ADD SOME ROUTES TO FILTER!
 !
 neighbor 1.2.3.5
  remote-as 65111
  password encrypted 1543595F50
  session-open-mode passive-only  <<< XE: transport connection-mode passive
  address-family ipv4 unicast
   route-policy GOOD2GO in        <<< INBOUND POLICY     
   maximum-prefix 10 75
   route-policy DEFAULT_ONLY out  <<< OUTBOUND POLICY
   default-originate

Lets just confirm we are getting what we are supposed to on the client router (which is IOS-XE).

Router#sh ip bgp sum
BGP router identifier 1.2.3.5, local AS number 65111
BGP table version is 8, main routing table version 8
1 network entries using 248 bytes of memory
1 path entries using 136 bytes of memory
1/1 BGP path/bestpath attribute entries using 288 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 696 total bytes of memory
BGP activity 6/5 prefixes, 6/5 paths, scan interval 60 secs
4 networks peaked at 14:05:08 Oct 27 2019 UTC (03:08:50.500 ago)

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.2.3.4         4         1000     203     212        8    0    0 03:11:20        1

Exercise 1 - The Neighbor-Group
The neighbor-group is similar to the peer-group in XE, i.e. there is no separation between session data and routing policy. In our example we can pretty much paste the existing config into the neighbor-group as seen below:

router bgp 1000
 address-family ipv4 unicast
  redistribute connected
 !
 neighbor-group TESTNG
  remote-as 65111
  password encrypted 1543595F50
  session-open-mode passive-only
  address-family ipv4 unicast
   route-policy GOOD2GO in
   maximum-prefix 10 75
   route-policy DEFAULT_ONLY out
   default-originate
  !
 !
 neighbor 1.2.3.5
  use neighbor-group TESTNG
  description *** TEST PEER ***

Exercise 2 - The Session-Group
The session-group is similar in function to the peer-session function in XE. It is concerned with the connection between peers at a TCP/IP level. First thing to do is to rip out the neighbor-group and then start building the session-group. one that is done we can inherit the template but using the 'use' keyword.

router bgp 1000
 address-family ipv4 unicast
  redistribute connected
 !
 session-group TESTSG
  remote-as 65111
  password encrypted 1543595F50
  session-open-mode passive-only
 !
 neighbor 1.2.3.5
  use session-group TESTSG
  address-family ipv4 unicast
   route-policy GOOD2GO in
   maximum-prefix 10 75
   route-policy DEFAULT_ONLY out
   default-originate

Exercise 3 - The AF Template
Last job to do is to use the af-template. The AF template is configured in the main BGP section and must be called from inside the neighbor configuration and the from the relevant address family. Similar to the session template, you can add the template and then 'use' it. After that the neighbor specific details can be removed to leave just the templates.

router bgp 1000
 address-family ipv4 unicast
  redistribute connected
 !
 af-group TESTAFG address-family ipv4 unicast
  route-policy GOOD2GO in
  maximum-prefix 10 75
  route-policy DEFAULT_ONLY out
  default-originate
 !
 session-group TESTSG
  remote-as 65111
  password encrypted 1543595F50
  session-open-mode passive-only
 !
 neighbor 1.2.3.5
  use session-group TESTSG
  description *** TEST PEER ***
  address-family ipv4 unicast
   use af-group TESTAFG

And to finalise, here is some verification data from the XR router:

RP/0/0/CPU0:ios#show bgp ipv4 unicast summary                             
Sun Oct 27 17:52:44.716 UTC
BGP router identifier 22.22.22.22, local AS number 1000
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000   RD version: 5
BGP main routing table version 5
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.


Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker               5          5          5          5           5           0

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
1.2.3.5           0 65111      28      37        5    0    0 00:14:55          0

RP/0/0/CPU0:ios#show bgp ipv4 unicast neighbors 1.2.3.5 advertised-routes 
Sun Oct 27 17:52:08.009 UTC
Network            Next Hop        From            AS Path
0.0.0.0/0          0.0.0.0         Local           i

Processed 1 prefixes, 1 paths
This entry was posted in Cisco and tagged , , , , . Bookmark the permalink.