BGP neighbors
You configure the BGP neighbors of the device under Neighbors.
- Entry active
- Activates or deactivates the entry for this BGP neighbor.
Note: The activation of the BGP neighbor triggers the establishment of a BGP connection, if applicable.
Note: It is not possible to connect to disabled BGP neighbors.
- Name
- Contains the name of the BGP neighbor.
- IP address
- Specifies this BGP neighbor's IP address (IPv4 or IPv6) as used by the device to establish a BGP connection in the "active" or "delayed" connection mode.
Alternatively, you have the option to configure an entire IPv4 subnet, e.g. 192.168.1.0/24. In this case, the router accepts BGP connections from other routers on the subnet 192.168.1.0 with a subnet mask of 255.255.255.0. For this it is necessary to define the connection mode as "Passive".
IPv6 subnets are not supported.
Note: This entry must match the IP address (e.g. physical interface address, loopback address) reported by this neighbor in an incoming connection.
- Port
- Shows the port on which the BGP neighbor expects inbound BGP messages and, correspondingly, the port used by the device for outbound connections of the connection type "active" or "delayed".
Note: The device accepts incoming connections from any source port used by the sender.
- Source address (optional)
- Contains the sender address (IPv4 or IPv6) that the device communicates to the BGP neighbor when connecting.
Note: Entry is optional and is only relevant for the connection modes "active" and "delayed".
- Routing tag
- Contains the routing tag. The device denies the connection if the routing tag does not match with the incoming connection.
- Remote AS
- Contains the AS number of the BGP neighbor.
Note: If the AS number of the BGP neighbor is identical to the AS number of the device's own BGP instance, then this neighbor is an iBGP peer (internal BGP) in its own AS.
- Password
- The device and the BGP neighbor authenticate themselves by exchanging this password in the form of an MD5 signature in the TCP packets.
Note: Authentication is not used if no password is set.
- Connection mode
- Sets the mode in which the connection is established from the device to this BGP neighbor. The following modes are available:
- Active: In this mode the device attempts to connect to the BGP neighbor as soon as, among other things, one of the following conditions is met:
- The BGP neighbor is configured completely.
- Using WEBconfig or via the console, you execute the action Manual start.
- You start the device.
- The BGP instance is enabled under .
- You enable this BGP neighbor under Entry active.
- Passive: In this mode the device does not actively connect to the BGP neighbor; instead, it waits for a connection request from the BGP neighbor.
- Delayed: In this mode the device waits for a timeout before it tries to connect to the BGP neighbor. The conditions for establishing a connection are the same as for the "Active" mode.
- Connection delay
- Specifies the wait time in seconds before the device in the "Delayed" connection mode establishes a connection to this BGP neighbor.
- Route reflector client
- Specifies whether this neighbor is treated as a route-reflector client, in which case the device reflects iBGP routes to it.
Note: This switch is valid only if
- The device has been configured as a route reflector in the BGP instance, i.e. it is a route reflector itself, and
- The remote AS number matches its own AS number (iBGP).
- Neighbor profile
- Contains the name of the BGP neighbor profile from .
Note: If an entry is missing or incorrect, the BGP neighbor configuration is considered to be incomplete, and it is not possible to connect to it.
- Inbound policy
- Specifies the policy used by the device to filter the inbound connections from this BGP neighbor.
The policy is configured under .
Note: If you leave this field empty, the device filters the inbound connections according to the default policy under .
- Outbound policy
- Specifies the policy used by the device to filter the outbound connections from this BGP neighbor.
The policy is configured under .
Note: If you leave this field empty, the device filters the inbound connections according to the default policy under .
- Comment
- Contains a comment about this BGP neighbor.
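The rules stated for the neighbor fields above can be checked before an entry is deployed. The following audit function is an added example, not LCOS code or part of the original documentation; the dictionary keys, the function name and the sample entries are hypothetical and constructed for illustration.

```python
import ipaddress

def audit_neighbor(n, local_as, is_route_reflector=False):
    """Return findings for one neighbor entry (dict keys are hypothetical names)."""
    findings = []
    addr, mode = n["ip_address"], n["connection_mode"].lower()
    if "/" in addr:
        net = ipaddress.ip_network(addr, strict=False)
        if net.version == 6:
            findings.append("IPv6 subnets are not supported")
        elif mode != "passive":
            findings.append("subnet entry requires connection mode Passive")
        else:
            # Every router in the subnet may open a session: worth reviewing.
            findings.append(f"accepts connections from all of {net}")
    else:
        ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    if not n.get("password"):
        findings.append("no password: MD5 authentication is not used")
    ibgp = n["remote_as"] == local_as  # same AS number means iBGP peer
    if n.get("route_reflector_client") and not (ibgp and is_route_reflector):
        findings.append("route reflector client is only valid for iBGP on a route reflector")
    if mode == "passive" and n.get("source_address"):
        findings.append("source address is only relevant for Active and Delayed")
    if not n.get("neighbor_profile"):
        findings.append("no neighbor profile: entry is incomplete, no connection possible")
    return findings

# Constructed sample entries (private AS numbers, address range from the text above)
SAMPLE = [
    {"name": "UPSTREAM", "ip_address": "192.168.1.0/24", "connection_mode": "Active",
     "remote_as": 64512, "password": "", "neighbor_profile": "DEFAULT"},
    {"name": "CORE", "ip_address": "192.168.1.1", "connection_mode": "Passive",
     "remote_as": 65001, "password": "constructed-secret",
     "route_reflector_client": True, "neighbor_profile": "DEFAULT"},
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry["name"], audit_neighbor(entry, local_as=65001))
```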
BGP neighbor profiles
You configure the profiles of the BGP neighbors of the device under BGP instance.
- Name
- Contains the name of the profile.
Note: This name is used in the following tables, among other things:
- Neighbor profile under
- Neighbor profile under
- Neighbor profile under
- Route update delay
- This is the minimum delay in seconds between BGP advertisements sent by the device to neighbors using this profile.
- Send TTL
- Specifies the TTL (time to live) that the device adds to TCP packets sent to the BGP neighbors that use this profile.
For directly connected neighbors, this value is set to "1". For eBGP environments, you can increase this value by 1 per hop.
Note: For iBGP sessions, the device ignores this value and defaults to the maximum TTL value.
Important: This value must be "0" if Recv TTL is set to a value other than "0". The device automatically uses the value "1" if both Send TTL and Recv TTL are set to "0".
- Recv TTL
- Specifies the minimum TTL (time to live) required of inbound TCP packets from BGP neighbors that use this profile. Inbound TCP packets must have a TTL greater than or equal to this value in order to be accepted.
Note: The device ignores this value in iBGP sessions.
Note: If this value is not equal to "0", the device sets the internal value for Send TTL to "255".
Important: This value must be "0" if Send TTL is set to a value other than "0".
- Keepalive
- Specifies the time in seconds for the keepalive timer. After this time has elapsed, the device sends a keepalive message to the neighbors using this profile in order to keep the BGP connection intact.
Note: The device must send at least three keepalive messages per unit of holdtime. For this reason the value should be at most one third of the holdtime. If the value is set higher than this or equal to "0", LCOS automatically sets an internal value that is one third of the holdtime.
- Holdtime
- Specifies the time in seconds for which the device considers a BGP connection without traffic to still be valid.
The device negotiates this value with the BGP neighbors during connection establishment. The lower of the two values is considered to be valid.
Note: If negotiation results in a value of "0", the device considers the connection to be valid until it receives a connection error or the connection breaks. No keepalive messages are sent to the BGP neighbors during this period, even if the keepalive timer is set with a value.
Important: In accordance with the RFC, the values "1" and "2" are not permitted.
- Filter private AS
- Controls the removal/replacement of private AS entries (64512 – 65535, 4200000000 – 4294967294) from the AS_PATH list of outbound Network Layer Reachability Information (NLRI) messages of BGP neighbors that use this profile.
Note: This option has no function for iBGP connections.
- AS override
- Enables or disables the overriding of AS numbers in the AS_PATH outbound Network Layer Reachability Information (NLRI). With this option enabled, the device replaces all of the AS numbers of the BGP neighbors with its own AS number.
- Comment
- Comment on this entry.
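The interaction between Send TTL, Recv TTL, Keepalive and Holdtime described above can be resolved into the values actually in effect for a session. This is an added example, not LCOS code; the function and key names are hypothetical. It assumes the one-third keepalive rule applies to the negotiated holdtime in whole seconds, and that the peer sends with TTL 255 when Recv TTL is used.

```python
def effective_profile(send_ttl, recv_ttl, keepalive, holdtime, peer_holdtime, ibgp=False):
    """Resolve a profile's configured values into the values in effect for a session."""
    if send_ttl and recv_ttl:
        raise ValueError("Send TTL and Recv TTL must not both be non-zero")
    if holdtime in (1, 2):
        raise ValueError("holdtime values 1 and 2 are not permitted")

    if ibgp:
        send, min_recv = 255, 0            # both TTL fields ignored, maximum TTL sent
    elif recv_ttl:
        send, min_recv = 255, recv_ttl     # internal Send TTL is forced to 255
    else:
        send, min_recv = send_ttl or 1, 0  # both "0" means Send TTL "1"

    negotiated = min(holdtime, peer_holdtime)  # the lower of the two values wins
    if negotiated == 0:
        keep = None                        # no keepalives are sent at all
    elif keepalive == 0 or keepalive * 3 > negotiated:
        keep = negotiated // 3             # assumption: rounded down to whole seconds
    else:
        keep = keepalive

    # Assumption: the peer sends with TTL 255 and every router on the path
    # decrements it by one, so the minimum bounds how far away a sender can be.
    max_router_hops = 255 - min_recv if min_recv else None
    return {"send_ttl": send, "min_recv_ttl": min_recv, "holdtime": negotiated,
            "keepalive": keep, "max_router_hops": max_router_hops}

if __name__ == "__main__":
    # Constructed values: Recv TTL 254, keepalive 60 s, holdtime 180 s, peer offers 90 s
    print(effective_profile(0, 254, 60, 180, 90))
```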