Monday, February 26, 2018

Short Note on BGP Disable Connected Check


Today I am going to talk about the BGP disable-connected-check feature. Before we start, you should know about BGP, an exterior routing protocol. If you are already familiar with BGP, you will be able to relate to this article.

Let's talk about the BGP disable connected check in detail.

The neighbor disable-connected-check command is used to disable the connection verification process for eBGP peering sessions that are reachable by a single hop but are configured on a loopback interface.

Disable-connected-check enables a directly connected eBGP neighbor to peer using a loopback address without adjusting the default TTL of 1. This basically means the loopback IP is not counted as a hop on the way to the neighbor. Because the TTL is not adjusted, the neighbor must be only one router away.

Any further, and the TTL will stop the session from establishing. The difference with eBGP multihop is that you can specify how many hops away a neighbor is allowed to be. You are actually adjusting the TTL.

Fig 1.1- BGP disable connected Check
In the diagram above, I'm going to start by configuring BGP between the New Delhi router and the New York router, using loopbacks over their directly connected interfaces with disable-connected-check.

New Delhi(config)#router bgp 1
New Delhi(config-router)#neighbor 2.2.2.2 remote-as 2
New Delhi(config-router)#neighbor 2.2.2.2 update-source lo0
New Delhi(config-router)#neighbor 2.2.2.2 disable-connected-check
New Delhi(config-router)#ip route 2.2.2.2 255.255.255.255 12.12.12.2
New Delhi(config)#

*Feb 23 00:17:22.095: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up

New York(config)#router bgp 2
New York(config-router)#neighbor 1.1.1.1 remote-as 1
New York(config-router)#neighbor 1.1.1.1 update-source lo0
New York(config-router)#neighbor 1.1.1.1 disable-connected-check
New York(config-router)#ip route 1.1.1.1 255.255.255.255 12.12.12.1
New York(config)#
*Feb 23 00:17:22.083: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

As you can see, the neighbors came straight up. If I now try using the path via New Delhi-Toronto-Sydney-New York, i.e. a path that is not directly connected, the neighbors will not establish a session because the TTL will only be set to 1, which causes a reachability problem. This is shown below.

New York(config)#int fa0/0
New York(config-if)#shut
New York(config-if)#no ip route 1.1.1.1 255.255.255.255 12.12.12.1
New York(config-if)#ip route 1.1.1.1 255.255.255.255 24.24.24.2
New York(config)#end
New Delhi(config)#int fa0/0
New Delhi(config-if)#shut
New Delhi(config-if)#no ip route 2.2.2.2 255.255.255.255 12.12.12.2
New Delhi(config-if)#ip route 2.2.2.2 255.255.255.255 13.13.13.2
New Delhi(config-if)#do ping 2.2.2.2 so lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/66/80 ms
*Feb 23 00:25:23.763: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down BGP Notification sent

New Delhi(config-if)#

*Feb 23 00:25:23.763: %BGP-3-NOTIFICATION: sent to neighbor 2.2.2.2 4/0 (hold time expired) 0 bytes

New Delhi#sh ip bgp sum
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4     2       8      12        0    0    0 00:04:33 Active

So, because the neighbor is no longer 1 hop away (as disable-connected-check requires), the session drops, a notification is sent, and the hold time expires. However, if I use ebgp-multihop instead of disable-connected-check, the session will form (because we increased the TTL). This is shown below.

New Delhi(config)#router bgp 1
New Delhi(config-router)#no neighbor 2.2.2.2 disable-connected-check
New Delhi(config-router)#neighbor 2.2.2.2 ebgp-multihop 3
New York(config)#router bgp 2
New York(config-router)#no neighbor 1.1.1.1 disable-connected-check
New York(config-router)#neighbor 1.1.1.1 ebgp-multihop 3

*Mar 1 00:41:45.159: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

New York#sh ip bgp sum
BGP router identifier 2.2.2.2, local AS number 2
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4     1      27      31        1    0    0 00:15:02      0

In conclusion, if you want to use the disable-connected-check feature, ensure the neighbor is directly connected. Otherwise, you need to use ebgp-multihop or ttl-security to establish the session.
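The TTL behaviour shown in the lab above can be checked against a configuration before it is deployed. The following is an added example, not part of the original post: it parses IOS-style neighbor statements, predicts whether each eBGP session can form over a path of a given number of router hops, and reports how much wider the configured TTL is than the path needs. The sample configuration is constructed (peers 4.4.4.4 and 5.5.5.5 are hypothetical), the function names are illustrative, and ttl-security is not modelled.

```python
# Constructed sample, modelled on the New Delhi configuration above.
# Peers 4.4.4.4 and 5.5.5.5 are hypothetical additions for illustration.
SAMPLE_CONFIG = """\
router bgp 1
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 update-source lo0
 neighbor 2.2.2.2 disable-connected-check
 neighbor 4.4.4.4 remote-as 4
 neighbor 4.4.4.4 ebgp-multihop 3
 neighbor 5.5.5.5 remote-as 5
"""

def parse_neighbors(config):
    """Map each neighbor to its outgoing TTL and connected-check state."""
    peers = {}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "neighbor":
            continue
        # eBGP default: TTL 1 and the connected check enforced.
        peer = peers.setdefault(words[1], {"ttl": 1, "connected_check": True})
        if words[2] == "disable-connected-check":
            peer["connected_check"] = False          # TTL stays at 1
        elif words[2] == "ebgp-multihop":
            # IOS uses 255 when no hop count is given.
            peer["ttl"] = int(words[3]) if len(words) > 3 else 255
            peer["connected_check"] = False
    return peers

def session_outcome(peer, router_hops, peer_on_connected_subnet=False):
    """Predict the result for a loopback peer `router_hops` routers away."""
    if peer["connected_check"] and not peer_on_connected_subnet:
        return "blocked: connected check"
    if peer["ttl"] < router_hops:
        return "blocked: TTL expires in transit"
    return "establishes"

def audit(config, hops_by_peer):
    """Return {peer: (outcome, excess TTL beyond what the path needs)}."""
    findings = {}
    for ip, peer in parse_neighbors(config).items():
        hops = hops_by_peer[ip]
        outcome = session_outcome(peer, hops)
        excess = peer["ttl"] - hops if outcome == "establishes" else 0
        findings[ip] = (outcome, excess)
    return findings

if __name__ == "__main__":
    for ip, result in audit(SAMPLE_CONFIG, {"2.2.2.2": 1, "4.4.4.4": 1, "5.5.5.5": 1}).items():
        print(ip, result)
```

A non-zero excess on a peer that is actually one hop away means the session would still form if the peer's address were reached over a longer path, which is the case disable-connected-check rules out by leaving the TTL at 1.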


Route XP

Author & Editor
