Here’s a trick question:

• Imagine you have a network running IPv4 and VPNv4 services;
• You want to use neighbor next-hop-self on IPv4 sessions, but not on VPNv4 sessions;

To implement this request you use the following configuration commands (plenty of other commands removed because they don’t impact the results):

router bgp 64500
 address-family ipv4
  maximum-paths ibgp 32
  maximum-paths 32
  neighbor 192.168.0.4 next-hop-self
  neighbor 192.168.0.1 next-hop-self
 address-family vpnv4
  maximum-paths ibgp 32
  maximum-paths 32
  no neighbor 192.168.0.4 next-hop-self
  no neighbor 192.168.0.1 next-hop-self

Try to figure out what the end-result will be without connecting to a router or reading the rest of this blog post.

Ok, here’s what totally threw me off (and wasted an hour of my life): next-hop-self is removed from neighbors in the IPv4 address family. Here’s why:

• There is no maximum-paths ibgp command in VPNv4 address family;
• The moment you enter maximum-paths ibgp command the configuration parser exits the address-family vpnv4 context and enters router bgp context;
• Because the ipv4 address family is the default context within router bgp (for legacy reasons) all the subsequent commands are executed within the address-family ipv4 context removing next-hop self from neighbors in IPv4 address family.

No wonder David Barroso named his library NAPALM (you’ll find the full story in this or this podcast).