Table of Contents
Advertisement
Routing Policy Enforcement
bgp[1051]: %ROUTING-BGP-4-INCOMPATIBLE_AFI : IPv4 Unicast and IPv4 Labeled-unicast Address
families together are not supported under the same neighbor.
When one BGP session has both IPv4 unicast and IPv4 labeled-unicast AFI/SAF, then the routing behavior
is nondeterministic. Therefore, the prefixes may not be correctly advertised. Incorrect prefix advertisement
results in reachability issues. In order to avoid such reachability issues, you must explicitly configure a route
policy to advertise prefixes either through IPv4 unicast or through IPv4 labeled-unicast address families.
Routing Policy Enforcement
External BGP (eBGP) neighbors must have an inbound and outbound policy configured. If no policy is
configured, no routes are accepted from the neighbor, nor are any routes advertised to it. This added security
measure ensures that routes cannot accidentally be accepted or advertised in the case of a configuration
omission error.
Note
This enforcement affects only eBGP neighbors (neighbors in a different autonomous system than this router).
For internal BGP (iBGP) neighbors (neighbors in the same autonomous system), all routes are accepted or
advertised if there is no policy.
In the following example, for an eBGP neighbor, if all routes should be accepted and advertised with no
modifications, a simple pass-all policy is configured:
RP/0/RP0/CPU0:router(config)# route-policy pass-all
RP/0/RP0/CPU0:router(config-rpl)# pass
RP/0/RP0/CPU0:router(config-rpl)# end-policy
RP/0/RP0/CPU0:router(config)# commit
Use the route-policy (BGP) command in the neighbor address-family configuration mode to apply the pass-all
policy to a neighbor. The following example shows how to allow all IPv4 unicast routes to be received from
neighbor 192.168.40.42 and advertise all IPv4 unicast routes back to it:
RP/0/RP0/CPU0:router(config)# router bgp 1
RP/0/RP0/CPU0:router(config-bgp)# neighbor 192.168.40.24
RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 21
RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# commit
Use the show bgp summary command to display eBGP neighbors that do not have both an inbound and
outbound policy for every active address family. In the following example, such eBGP neighbors are indicated
in the output with an exclamation (!) mark:
RP/0/RP0/CPU0:router# show bgp all all summary
Address Family: IPv4 Unicast
============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 41
BGP scan interval 60 secs
Routing Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x
20
Implementing BGP
Advertisement
Chapters
Table of Contents
