We have a lot of BGP configuration over a number of devices. In the main these run IOS XE, but not all. This post is a walk-through of how to convert a ‘long-hand’ BGP config first into peer-groups, then into session-templates and policy-templates. We’ll move on to IOS XR configurations in another post.
Here is our initial ‘long-hand’ configuration:
neighbor 10.20.80.46 remote-as 65007
neighbor 10.20.80.46 description *** TEST PEER ***
neighbor 10.20.80.46 transport connection-mode passive
neighbor 10.20.80.46 password its_a_secret
neighbor 10.20.80.46 activate
neighbor 10.20.80.46 default-originate
neighbor 10.20.80.46 prefix-list DEFAULT-ROUTE out
neighbor 10.20.80.46 maximum-prefix 10
Exercise 1 – Peer-Groups
Let’s put this into a peer-group – it’s inside a VRF for extra complexity!
neighbor REDTEST peer-group
neighbor REDTEST remote-as 65100
neighbor REDTEST transport connection-mode passive
neighbor REDTEST password its_a_secret
neighbor REDTEST default-originate
neighbor REDTEST prefix-list DEFAULT_ROUTE out
Then we can add the neighbour:
neighbor 10.20.80.46 peer-group REDTEST
neighbor 10.20.80.46 description *** TEST PEER ***
neighbor 10.20.80.46 activate
As we are using an af-group for this peer, the peer ‘activate’ is required. As it happens, I have made it a requirement for the ipv4 af as well (with no bgp default ipv4-unicast), which would otherwise be enabled automatically on an IOS-XE device. I’ve configured the other side as follows:
router bgp 65100
 bgp log-neighbor-changes
 neighbor 10.20.80.45 remote-as 1000
 neighbor 10.20.80.45 password its_a_secret
 !
 address-family ipv4
  neighbor 10.20.80.45 activate
 exit-address-family
So the completed configuration for the peer-group router is:
router bgp 1000
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv4 vrf RED
  neighbor REDTEST peer-group
  neighbor REDTEST remote-as 65100
  neighbor REDTEST transport connection-mode passive
  neighbor REDTEST password its_a_secret
  neighbor REDTEST default-originate
  neighbor REDTEST prefix-list DEFAULT_ROUTE out
  neighbor 10.20.80.46 peer-group REDTEST
  neighbor 10.20.80.46 description *** TEST PEER ***
  neighbor 10.20.80.46 activate
 exit-address-family
Exercise 2 – Session-Templates
First things first – session-templates and policy-templates do not play well with peer-groups, so I’ll need to delete the peer-group setup first. Another point to note is that the session/policy templates are set up in the main BGP configuration, not in the af as the peer-group was. The session template contains the settings that relate to the connection/TCP session. Here is my conversion:
router bgp 1000
 template peer-session TESTSESSION
  remote-as 65100
  transport connection-mode passive
  password its_a_secret
 exit-peer-session
The other data needs to go in the normal place and the neighbour needs to inherit the session template.
 address-family ipv4 vrf RED
  neighbor 10.20.80.46 inherit peer-session TESTSESSION
  neighbor 10.20.80.46 description *** TEST PEER ***
  neighbor 10.20.80.46 activate
  neighbor 10.20.80.46 default-originate
  neighbor 10.20.80.46 prefix-list DEFAULT_ROUTE out
  neighbor 10.20.80.46 maximum-prefix 10
 exit-address-family
This all works well and the partner router is getting the default route sent over.
Exercise 3 – Policy Templates
The last task in this post is to wrap up all the routing-policy-based stuff into the policy templates. This is done with the template peer-policy statement.
router bgp 1000
 template peer-policy TESTPOLICY
  prefix-list DEFAULT_ROUTE out
  default-originate
  maximum-prefix 10
 exit-peer-policy
Then inherit as before:
 address-family ipv4 vrf RED
  neighbor 10.20.80.46 inherit peer-session TESTSESSION
  neighbor 10.20.80.46 description *** TEST PEER ***
  neighbor 10.20.80.46 activate
  neighbor 10.20.80.46 inherit peer-policy TESTPOLICY
 exit-address-family
Again this all works fine and the other side is getting the default route.
Exercise 4 – Overrides
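This test shows that we can override a setting from the policy or session template by adding it to the individual peer stanza. Here the session template carries password not_a_secret, and the neighbor-level line sets password its_a_secret in its place: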
router bgp 1000
 template peer-policy TESTPOLICY
  prefix-list DEFAULT_ROUTE out
  default-originate
  maximum-prefix 10
 exit-peer-policy
 !
 template peer-session TESTSESSION
  remote-as 65100
  transport connection-mode passive
  password not_a_secret
 exit-peer-session
 !
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv4 vrf RED
  neighbor 10.20.80.46 inherit peer-session TESTSESSION
  neighbor 10.20.80.46 description *** TEST PEER ***
  neighbor 10.20.80.46 password its_a_secret
  neighbor 10.20.80.46 activate
  neighbor 10.20.80.46 inherit peer-policy TESTPOLICY
 exit-address-family
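Once settings are split across templates and per-neighbor overrides, it is harder to see at a glance whether a given peer still ends up with a password and a maximum-prefix limit. The following Python sketch is an added example, not part of the original lab: it resolves the effective per-neighbor settings from a config in the Exercise 4 style and lists what is missing. The neighbor 10.20.80.50 and AS 65101 are constructed for illustration, neighbors are keyed by address only, and templates that inherit from other templates are not handled.

```python
import re

# Constructed sample: a trimmed Exercise 4 config plus one hypothetical
# neighbor (10.20.80.50) that inherits only the policy template.
CONFIG = """\
router bgp 1000
 template peer-policy TESTPOLICY
  prefix-list DEFAULT_ROUTE out
  maximum-prefix 10
 exit-peer-policy
 template peer-session TESTSESSION
  remote-as 65100
  password not_a_secret
 exit-peer-session
 address-family ipv4 vrf RED
  neighbor 10.20.80.46 inherit peer-session TESTSESSION
  neighbor 10.20.80.46 password its_a_secret
  neighbor 10.20.80.46 inherit peer-policy TESTPOLICY
  neighbor 10.20.80.50 remote-as 65101
  neighbor 10.20.80.50 inherit peer-policy TESTPOLICY
 exit-address-family
"""

def effective_settings(config):
    """Return {neighbor: {keyword: args}} after template inheritance."""
    templates, direct, inherits, current = {}, {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"template peer-(?:session|policy) (\S+)", line):
            current = templates.setdefault(m.group(1), {})
        elif line.startswith("exit-peer-"):
            current = None
        elif m := re.match(r"neighbor (\S+) inherit peer-\S+ (\S+)", line):
            inherits.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"neighbor (\S+) (\S+) ?(.*)", line):
            direct.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
        elif current is not None and line not in ("", "!"):
            key, _, args = line.partition(" ")  # a line inside a template
            current[key] = args
    result = {}
    for nbr in set(direct) | set(inherits):
        merged = {}
        for name in inherits.get(nbr, []):
            merged.update(templates.get(name, {}))
        result[nbr] = {**merged, **direct.get(nbr, {})}  # neighbor lines win
    return result

def audit(config, required=("password", "maximum-prefix")):
    return sorted((n, k) for n, s in effective_settings(config).items()
                  for k in required if k not in s)
```

On the sample, 10.20.80.46 resolves to the neighbor-level password with the template's maximum-prefix, while the constructed 10.20.80.50 is reported as having no password from either source.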