06-08-2023 10:07 AM
In this example which is a 60 second read:
https://allthingsnetworking.wordpress.com/2014/11/25/bgp-active-passive/
We see passive connection on R1. Why do this in the real world? Why make the router passive and let the other router take control?
Security may be one, but what's the practical usage of this in a networking environment?
06-08-2023 01:28 PM
I checked many articles; the only case where we use this feature is security.
If we have an edge router and we want to prevent the edge router from establishing BGP with any other router except some, then we need to make it the active peer.
06-08-2023 02:01 PM
Besides your reference, I also found:
https://learningnetwork.cisco.com/s/question/0D53i00000Kt4ehCAB/active-vs-passive-bgp-peering
The prior also references your reference, but also references the following:
Also, I haven't thought it through, but also wondering whether it might also be used in the case of passing a BGP connection through a FW, i.e. basically similar to FTP's active/passive modes.
06-08-2023 02:09 PM
Hi @Joseph W. Doherty ,
> Also, I haven't thought it through, but also wondering whether it might also be used in the
> case of passing a BGP connection through a FW, i.e. basically similar to FTP's
> active/passive modes.
You hit the nail right on the head. This is the perfect use case for this feature and where I have seen it being used.
Regards,
06-08-2023 02:04 PM
Hello @hfakoor222,
The term "passive" in this context refers to a configuration where a BGP neighbor is set to establish the connection actively while the other neighbors wait for incoming connections.
The purpose of configuring a router as a passive peer in BGP can vary depending on the network design and requirements.
By designating certain neighbors as passive, you can have more control over the establishment of BGP connections. This can be useful when you want to prioritize or restrict the connection to specific peers.
By distributing the active and passive roles among different routers, you can achieve load balancing and redundancy. Active peers actively initiate connections, while passive peers wait for incoming connections. This setup can help optimize resource utilization and provide backup paths in case of failures.
06-08-2023 02:48 PM
BUT the firewall is added behind the edge router.
The active/passive setting affects how the BGP TCP session is initiated.
06-08-2023 02:55 PM
"BUT the firewall is added behind the edge router."
Usually, but doesn't have to be. Consider a Transparent FW.
06-08-2023 03:23 PM
I need to check something, but that needs a lab to be sure.
The design is hub and spoke with a BGP group. I need to see hub and spoke behavior with passive and active config.
06-08-2023 04:10 PM
Thanks all for the help.
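Added example, not part of any post in this thread: a Cisco IOS sketch of the firewall case discussed above, where pinning the active and passive roles makes the direction of the TCP/179 session predictable so a filter can permit it one way only. The addresses, AS numbers and ACL names are constructed, and writing the in-path filter in IOS extended-ACL syntax is an assumption about the filtering device.

```cisco
! R1 (passive): never opens the TCP session, only accepts it on port 179
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 transport connection-mode passive
!
! R2 (active): always opens the TCP session toward R1 port 179
router bgp 65002
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 transport connection-mode active
!
! Filter in the path, inbound on the R2-facing side (constructed name):
! only R2 may start a BGP session, and only toward R1.
ip access-list extended BGP-FROM-R2
 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 deny   tcp any any eq bgp log
!
! Filter in the path, inbound on the R1-facing side (constructed name):
! R1 may only answer an existing session (source port 179, ACK/RST set);
! any attempt to open a new session toward port 179 is dropped and logged.
ip access-list extended BGP-FROM-R1
 permit tcp host 192.0.2.1 eq bgp host 192.0.2.2 established
 deny   tcp any any eq bgp log
!
! Check on R1: "show tcp brief" should list the session to 192.0.2.2
! with local port 179, confirming R1 accepted rather than initiated.
```

Without the connection-mode lines either router may initiate, so a one-way filter like this would intermittently drop the session attempts that start from R1's side.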