Solved: Re: Question of ipv4&vpnv4 BGP peers and address family

rookie R · ‎12-14-2023

Hi all!

I have several questions about this lab. Would someone be able to help me with that?

Here is the topology:

The configuration:

R3#show run | s r b
router bgp 10000
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor AS10000 peer-group
neighbor AS10000 remote-as 10000
neighbor AS10000 update-source Loopback0
neighbor 4.4.4.4 peer-group AS10000
neighbor 5.5.5.5 peer-group AS10000
neighbor 6.6.6.6 peer-group AS10000
!
address-family vpnv4
neighbor AS10000 send-community extended
neighbor AS10000 route-reflector-client
neighbor 4.4.4.4 activate
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate
exit-address-family
!
address-family vpnv6
neighbor AS10000 send-community extended
neighbor AS10000 route-reflector-client
neighbor 4.4.4.4 activate
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate
exit-address-family
!
address-family ipv4 vrf CE
neighbor 192.168.37.7 remote-as 10007
neighbor 192.168.37.7 activate
exit-address-family



R4&R5&R6:

R4#show run | s r b
router bgp 10000
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 10000
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family vpnv6
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family


R7#show run | s r b
router bgp 10007
bgp router-id 7.7.7.7
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.168.37.3 remote-as 10000
!
address-family ipv4
neighbor 192.168.37.3 activate
exit-address-family

My understanding and questions:

1. The command

no bgp default ipv4-unicast

is the only command I need to turn a BGP process into an MP-BGP process. right?

2. From the angle of R3, R7 is R3's vpnv4 BGP peer. From the angle of R7, R3 is R7's ipv4 BGP peer, and why? The configuration on R3 is under address-family ipv4 vrf CE. Why does that also belong to the vpnv4 neighbor? But I can't find commands that can only show the peer of the vrf CE.

3. To me, a rookie, I think the neighbor(which is the address of the BGP neighbor) in the vpnv6 should be an ipv6 address because it has V6 in it, and the neighbor in vpnv4 should be an ipv4 address because it has V4 in it. But a friend of mine told me the RFC 8950 specifies that other types of addresses, such as ipv6, can be used as the next hop of an ipv4 route because that RFC extends the AFI/SAFI definition. Is that the reason why the peers of the R3 on address-family vpnv6 also use the ipv4 address?

Thanks so much.

M02@rt37 · ‎12-14-2023

Hello @rookie R,

1- The command

no bgp default ipv4-unicast

is used to disable the default behavior of advertising IPv4 unicast routes. It is part of the configuration for MP-BGP when you want to exchange different address families (e.g., IPv6, VPNv4, etc.). However, there are other commands and configurations needed for a complete MP-BGP setup, such as the definition of address families, activation of neighbors for those address families, and other specific parameters for each address family.

2 - In the BGP configuration of R3, the 'address-family ipv4 vrf CE' section is specifying the BGP configuration for the IPv4 address family within the context of a specific VRF (Virtual Routing and Forwarding). In this case, it's the VRF named 'CE.' The 'neighbor 192.168.37.7' statement inside this address family configuration is defining the BGP neighbor for this VRF. So, from R3's perspective, it is peering with R7 for IPv4 routes within the 'CE' VRF. The reason R7 sees R3 as an IPv4 BGP peer is because R7 is not aware of the VRF context on R3. R7 simply peers with R3 for IPv4 routes in the global context.

3 - Yes, your friend is correct. RFC 8950 defines the use of BGP to carry IPv4 routes with an IPv6 next hop and vice versa. This allows for greater flexibility in network designs where IPv4 and IPv6 coexist. In the context of VPNv6 (address-family vpnv6), it is common to use IPv4 addresses as the BGP neighbor addresses, even though the routes exchanged may be IPv6 routes. The IPv4 address is used for the BGP peering, and the IPv6 routes are carried within the VPNv6 address family. This design simplifies the configuration while allowing the exchange of IPv6 routes over an IPv4 BGP session.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

MHM Cisco World · ‎12-18-2023

it little confuse but I want to clear it to you and all other
I will talk about the VPNv4 and IPv4
1-there are VPNv4 which is ONLY config neighbor globally (under BGP without address family) i.e ONLY you need to activeted under address family
2-there are IPv4 which can config neighbor globally (under BGP without address family)
3-there are IPv4 VRF aware config neighbor Under address family (not globally)

the

NO BGP default IPv4-unicast

command effect only no.2 the IPv4 not VRF aware

to see the effect of command I build what I call ALLinONE topology same as your but with extra router
R1 have IPv4 vrf aware BGP with R4
R1 have IPv4 BGP with R6
since we dont add command the R1 and R6 can make connection and BGP is exchange route between two router

R3 have IPv4 vrf aware BGP with R5
R3 have IPv4 with R7
since we add command the R3 never make connection to R7 and BGP is not establish to solve this issue we need to activate the R7 under address family ipv4 unicast

R1
router bgp 100
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 11.0.0.6 remote-as 11
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf red
redistribute connected
neighbor 10.0.0.4 remote-as 10
neighbor 10.0.0.4 activate
exit-address-family

R3

router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 21.0.0.7 remote-as 21
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf red
redistribute connected
neighbor 20.0.0.5 remote-as 20
neighbor 20.0.0.5 activate
exit-address-family

View solution in original post

M02@rt37 · ‎12-14-2023

Hello @rookie R,

1- The command

no bgp default ipv4-unicast

is used to disable the default behavior of advertising IPv4 unicast routes. It is part of the configuration for MP-BGP when you want to exchange different address families (e.g., IPv6, VPNv4, etc.). However, there are other commands and configurations needed for a complete MP-BGP setup, such as the definition of address families, activation of neighbors for those address families, and other specific parameters for each address family.

2 - In the BGP configuration of R3, the 'address-family ipv4 vrf CE' section is specifying the BGP configuration for the IPv4 address family within the context of a specific VRF (Virtual Routing and Forwarding). In this case, it's the VRF named 'CE.' The 'neighbor 192.168.37.7' statement inside this address family configuration is defining the BGP neighbor for this VRF. So, from R3's perspective, it is peering with R7 for IPv4 routes within the 'CE' VRF. The reason R7 sees R3 as an IPv4 BGP peer is because R7 is not aware of the VRF context on R3. R7 simply peers with R3 for IPv4 routes in the global context.

3 - Yes, your friend is correct. RFC 8950 defines the use of BGP to carry IPv4 routes with an IPv6 next hop and vice versa. This allows for greater flexibility in network designs where IPv4 and IPv6 coexist. In the context of VPNv6 (address-family vpnv6), it is common to use IPv4 addresses as the BGP neighbor addresses, even though the routes exchanged may be IPv6 routes. The IPv4 address is used for the BGP peering, and the IPv6 routes are carried within the VPNv6 address family. This design simplifies the configuration while allowing the exchange of IPv6 routes over an IPv4 BGP session.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

rookie R · ‎12-17-2023

1. "Does it mean that the command

no bgp default ipv4-unicast

is not used to convert regular BGP to MP-BGP? If I didn't configure this command but there is another address-family (such as vpnv4 or vrf 10000) besides ipv4 and ipv6 in BGP, does it mean that it's definitely an MP-BGP?"

2. Thanks so much. Would you please answer another question for me? In R3, the output of the command

show IP bgp all summary

there are only two address families, vpnv4 and vpnv6, you said the R3 is peering with R7 for ipv4 routes within the CE vrf, so does this mean R3 treats all peers in its vrf and ipv4 peers as vpnv4 peers?

3. From what I understand, R3 has 3 vpnv4 peers, which means that I can advertise ipv4&ipv6 routes through vpnv4 sessions, as well as through vpnv6 sessions too. Does that mean I can advertise any routes(ipv4&ipv6) through BGP if two routes are peering with any BGP sessions(vpnv4 or vpnv6 or ipv4)?

extremecardrivingsimulator63 · ‎06-04-2024

Hey Everyone,

I am a new user within the Cisco community. New to Cisco and setting up our CRM. I am a Marketing Manager for Flying Squirrel Trampoline Parks. I look forward to meeting and collaborating with everyone.

https://cardrivingsimulators.com

MHM Cisco World · ‎12-14-2023

Hi friend

First I reply to one of your old post (eigrp stub DMVPN) can you closed it.

Second

For this new topic your Q is perfect

1- the effect of disable defualt unicast you can see different in blow link

https://www.kennie.org/2018/10/28/mpls-vpnv4-with-and-without-bgp-ipv4-default-unicast-routing/

2-one see as IPv4 and peer see as VPNv4' I think this because you disable unicast' enable it and you can see both peer as IPv4 (and one side will also see as VPNv4).

3- for ipv6 sorry I am so weak in this address family hope other help you to solve it

MHM

paul driver · ‎12-15-2023

Hello

@rookie R wrote:

1. The command 'no bgp default ipv4-unicast' is the only command I need to turn a BGP process into an MP-BGP process. right?

This option does not disable ipv4 unicast, it only deactivates the auto enablement of peer creation, meaning you will need to activate any ipv4 peer with the “neighbour xxxx active “

2. From the angle of R3, R7 is R3's vpnv4 BGP peer. From the angle of R7, R3 is R7's ipv4 BGP peer, and why? The configuration on R3 is under address-family ipv4 vrf CE. Why does that also belong to the vpnv4 neighbor? But I can't find commands that can only show the peer of the vrf CE.

3. To me, a rookie, I think the neighbor(which is the address of the BGP neighbor) in the vpnv6 should be an ipv6 address because it has V6 in it, and the neighbor in vpnv4 should be an ipv4 address because it has V4 in it. But a friend of mine told me the RFC 8950 specifies that other types of addresses, such as ipv6, can be used as the next hop of an ipv4 route because that RFC extends the AFI/SAFI definition. Is that the reason why the peers of the R3 on address-family vpnv6 also use the ipv4 address?

These are part of multiprotocol bgp (MBGP) which are bgp extensions to the protocol to allow additional traffic such as ipv6 unicast, ipv4/v6 multicast, vpn/mpls which are then carried within the creation of their related Address families (AF) allowing you to route all this different traffic under the bgp protocol.

An example of MBGP can allow ipv6 unicast to be used to advertise pure ipv6 networks or both ipv4/ipv6 networks, You could have ipv6 networks being advertised over ipv4 peerings or ipv4 networks advertised over ipv6 peering’s, or you could cfg dual stack peering to have both ipv4/ipv6 sessions.

So as you can see MBGP can become very complex and I believe you need to review it in depth in order to obtain a greater understanding of bgp as a whole -here

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Harold Ritter · ‎12-15-2023

Hi @rookie R ,

As for question # 3, VPNv6 was defined by RFC4659, which predates RFC8950 (which obsoleted RFC5549).

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎12-18-2023

it little confuse but I want to clear it to you and all other
I will talk about the VPNv4 and IPv4
1-there are VPNv4 which is ONLY config neighbor globally (under BGP without address family) i.e ONLY you need to activeted under address family
2-there are IPv4 which can config neighbor globally (under BGP without address family)
3-there are IPv4 VRF aware config neighbor Under address family (not globally)

the

NO BGP default IPv4-unicast

command effect only no.2 the IPv4 not VRF aware

to see the effect of command I build what I call ALLinONE topology same as your but with extra router
R1 have IPv4 vrf aware BGP with R4
R1 have IPv4 BGP with R6
since we dont add command the R1 and R6 can make connection and BGP is exchange route between two router

R3 have IPv4 vrf aware BGP with R5
R3 have IPv4 with R7
since we add command the R3 never make connection to R7 and BGP is not establish to solve this issue we need to activate the R7 under address family ipv4 unicast

R1
router bgp 100
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 11.0.0.6 remote-as 11
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf red
redistribute connected
neighbor 10.0.0.4 remote-as 10
neighbor 10.0.0.4 activate
exit-address-family

R3

router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 21.0.0.7 remote-as 21
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf red
redistribute connected
neighbor 20.0.0.5 remote-as 20
neighbor 20.0.0.5 activate
exit-address-family