BGP Address-Families

-
The BGP, as you surely know, has a multi-protocol capability - in a single session, it is capable of carrying information about diverse routed protocols (IPv4 Unicast, IPv4 Multicast, IPv6 Unicast, IPv6 Multicast, VPNv4, CLNP), in BGP's parlance called "address families". With BGP being a true multiprotocol routing protocol, however, you need some means to tell BGP which address families should be exchanged with a particular neighbor. We are accustomed to the fact that if we define an IPv4 neighbor, we are planning to exchange IPv4 routes with that neighbor - but why should that actually be a rule? Why should we make hasty assumptions about the address family just because the address of the neighbor is from a particular family itself?

This is the point behind diverse address-family commands. Defining a neighbor under a particular address family means that we want to exchange routes from the particular address family with that neighbor. Not having a neighbor listed under a particular address family means that we are not planning to exchange information from that address family with that neighbor.

Now, the address-family ipv4 declares neighbors with whom we want to exchange normal IPv4 unicast routes. This may be surprising because to exchange IPv4 routes with a neighbor, it is sufficient to simply define that neighbor by its address. The fact is that for backward compatibility with older BGP versions that have not been multiprotocol-capable, the BGP implicitly assigns all defined neighbors to an invisible address-family ipv4 section. In other words, as soon as you define a neighbor, it is automatically being added to an invisible address-family ipv4 section so that you don't have to do it manually.

You can change it, however. First of all, if you enter the BGP configuration and issue the command bgp upgrade-cli you will find out that the BGP configuration has been fully converted to the address family style of configuration. Outside any address-family stanzas, only the basic neighbor settings are configured like their addresses, AS numbers, update sources. However, all remaining per-address-family commands will be automatically moved into address-family stanzas. The behavior or operations of BGP do not change with this new style of configuration, only the configuration format is changed.

Furthermore, if you enter the no bgp default ipv4-unicast command in the BGP configuration, you will prevent BGP from automatically assigning each newly defined neighbor into address-family ipv4 section. You will then be required to add every defined neighbor to each intended address family automatically - it won't be done automatically for you anymore.

So to wrap it up - the address-family ipv4 is in fact an omnipresent section in the BGP configuration but for backward compatibility purposes, it is not visible by default. However, the configuration can be converted to a strict per-address-family configuration, and in fact, I would recommend that for all new deployments.

Comments

Post a Comment

Popular posts from this blog

Upgrading the firmware on a standalone Fortigate unit or units in an HA cluster

-
Understanding upgrade paths: Each firmware version has an upgrade path requirement from older versions. Most of the time when you are in a MR (major release) patch level, you can upgrade straight to any patch level within the MR. ex: 1) currently, a fortigate unit is running 4.0 MR3 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You can simply upgrade it directly to 4.0 MR3 patch 11. Most of the time when you are upgrading from a MR to the next MR, you can upgrade straight to any patch level in the next MR as long as you are at the highest patch level in the lower/previous MR. ex: 1) currently, a fortigate unit is running 4.0 MR2 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You must first upgrade it to 4.0 MR2 patch 13 (highest 4.0 MR2 patch). 4) Then you can upgrade to 4.0 MR3 patch 11. You should ALWAYS refer to the release notes of the firmware release you wish to upgrade your unit. Even, for comfort, just open a ticket...
Read more

Traffic Shaping With Fortigate

-
FortiGate v4.0 Description This article describes the Traffic Shaping features that have been implemented in FortiOS 4.0 In FortiOS version 4.0, the traffic shaping has been enhanced. Diagnose commands allowing to verify each traffic shaper's usage and giving more configuration flexibility. See also the related articles at the end of this page for additional information. Solution Summary 1- Traffic shaping configuration is dissociated from the Firewall policies allowing multiple policies to use common configurations 2- Possibility to use independent configurations in policies for forward and reverse traffic directions 3- The P2P shaping capabilities are now defined at the application control level 4- Troubleshooting packet loss with statistics on traffic shaping configurations 5- Troubleshooting packet loss with the debug flow diagnose commands 6- Session list details with dual traffic shaper (forward and reverse traffic) 1- Traffic shaping configuration is di...
Read more