BGP Peer Session and Policy Templates

Configuring a large number of similar BGP peers on a router and ensuring that changes in your routing policy or BGP design are applied to all of them can be a management nightmare. BGP peer groups were the only scalability tool available on Cisco IOS until IOS release 12.3T, and they had significant limitations because they were also used as a performance improvement tool.

IOS releases 12.0S and 12.3T introduced peer templates, a scalable hierarchical way of configuring BGP session parameters and inbound/outbound policies. For example, to configure the session parameters for all your IBGP sessions, use the following session template:

router bgp 65001
 template peer-session IBGP
  remote-as 65001
  description IBGP peers
  password s3cr3t
  update-source Loopback0
 exit-peer-session

A session template includes parameters that apply to a BGP session, including remote AS number, local AS number, MD5 password, and the source IP address of the BGP session. Parameters specific to individual address families are defined in a policy template.

After the session template has been configured, adding a new IBGP peer takes just a single configuration command (two if you want to add a neighbor description):

router bgp 65001
 neighbor 10.0.1.2 inherit peer-session IBGP
 neighbor 10.0.1.2 description R2
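
An added example, not code from the original post or from Cisco: a short Python audit that resolves `inherit peer-session` chains in a saved configuration and lists, per neighbor, which of `remote-as` and `password` the effective session lacks. The nested template BASE, the neighbor 192.0.2.1, and the rule that directly configured commands override inherited ones are assumptions of this example.

```python
# Constructed sample. Template BASE and neighbor 192.0.2.1 are assumptions
# added for illustration; the rest follows the page's IBGP example.
SAMPLE = """\
router bgp 65001
 template peer-session BASE
  password s3cr3t
 exit-peer-session
 template peer-session IBGP
  inherit peer-session BASE
  remote-as 65001
  update-source Loopback0
 exit-peer-session
 neighbor 10.0.1.2 inherit peer-session IBGP
 neighbor 10.0.1.2 description R2
 neighbor 192.0.2.1 remote-as 65002
"""
END = {"exit-peer-session", "template", "router", "address-family", "!"}

def parse(config):
    """Collect session-template bodies and per-neighbor commands as word lists."""
    templates, neighbors, current = {}, {}, None
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["template", "peer-session"] and len(words) > 2:
            current = templates.setdefault(words[2], [])
        elif words[:1] == ["neighbor"] and len(words) > 2:
            current = None  # a neighbor command closes any open template
            neighbors.setdefault(words[1], []).append(words[2:])
        elif current is not None and words and words[0] not in END:
            current.append(words)
        else:
            current = None
    return templates, neighbors

def effective(commands, templates, seen=()):
    """Flatten to {keyword: value}; direct commands override inherited (assumed)."""
    params = {}
    for words in commands:
        if words[:2] == ["inherit", "peer-session"] and len(words) > 2:
            name = words[2]
            if name not in seen and name in templates:  # skip loops and unknown names
                params = {**effective(templates[name], templates, seen + (name,)), **params}
        else:
            params[words[0]] = " ".join(words[1:])
    return params

def audit(config, required=("remote-as", "password")):
    """Map each neighbor to the required session parameters it lacks."""
    templates, neighbors = parse(config)
    return {ip: [k for k in required if k not in effective(cmds, templates)]
            for ip, cmds in neighbors.items()}
```

`audit(SAMPLE)` reports `192.0.2.1` as lacking `password`, while `10.0.1.2` picks it up two levels down the template chain.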

Policy templates are similar to session templates and contain neighbor parameters that influence the processing of prefixes of an individual BGP address family (for example, filtering of inbound updates).

Continuing the IBGP example, you might want to group route reflector clients in a policy template and ensure that the route reflector propagates all BGP communities to them:

router bgp 65001
 template peer-policy Internal
  route-reflector-client
  send-community both
 exit-peer-policy

After defining a policy template, you can apply it to multiple address families, for example:

router bgp 65001
 neighbor 10.0.1.2 inherit peer-session IBGP
 neighbor 10.0.1.2 description R2
 !
 address-family ipv4
  neighbor 10.0.1.2 activate
  neighbor 10.0.1.2 inherit peer-policy Internal
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.1.2 activate
  neighbor 10.0.1.2 inherit peer-policy Internal


5 comments:

  1. I wonder if Cisco would be interested in creating something called promiscuous-mode EBGP? This would be similar to DLSw+ promiscuous mode. For example, if I can configure a headend router to terminate hundreds of incoming EBGP/IBGP peers w/o having to manually define each neighbor statement it would save a lot of config nightmare at the headend. You might ask why do we need it? For example, for DMVPN hub-and-spoke, the scalability improves if one uses BGP instead of EIGRP or OSPF. Although the true throughput may be limited by PPS, it's the scalability of the terminations using BGP that is worth a look.
  2. Anonymous BGP peers with neighbor templates were implemented at least in Cisco Software release 9.21 (they might have been in 9.1 release, but 9.1 documentation is missing from CCO). Sadly, this feature was later removed from IOS.
  3. Very interesting. I wonder why Cisco took it out (security issues?).

    Thanks.
  4. Anonymous BGP peers with neighbor templates should be brought back to scale DMVPNs.
  5. If I remember correctly, they are available in one of the 6500 images.