As soon as you issue the neighbor soft-reconfiguration command, the device begins to store updates. It takes some time for those updates to be stored, since you must wait for some BGP updates to be exchanged. However, the process of storing begins immediately. No need to hard reset to save the routing information.
You can then issue the command for a soft reset, and this will take place. However, if you want to verify that all routing updates have been completely saved, doing a hard reset after issuing the soft-reconfiguration command will ensure that all necessary updates have been exchanged (and thus have been stored immediately) without needing to wait for updates to be exchanged to ensure storage.
Just for know If I understand the difference between both.
If we use sof reconfiguration after applying the command clear ip bgp N soft in, the router will check its adj-RIB-in and then apply the new policy.
If we use route refresh that come by default the after applying the command clear ip bgp in , the router will asks its neighbor to re -send the bgp updates and then apply the new policy.
Am I right?
If you issue the clear ip bgp N soft in command without first having used the soft reconfiguration command for a particular neighbor, then you will not have any of the benefits of the soft reconfiguration feature with that neighbor, since no routes have been saved. You must first enable the feature and then issue the clear command. The result however will be what you have stated, that the adj-RIB-in will be consulted to apply the policy, and the session will not be disrupted.
Concerning your description here, yes this is the case, the router will ask its neighbor to re-send the bgp updates.
updates to the peers are created and sent automatically just after the polices are created.
Is it applicable only when we have soft reconfiguration applied under bgp to that neighbor?
Because when I add a out route-map to my neighbor, Unless I perform âclear ip bgp soft inâ from the neighbor (its route refresh I guess as I have not enabled the soft config) the policies are not enforced.
Hi LAZ ,
Thanks for your valuable post . I am a learner & hope will grab so many things from here.
Can you please check & validate whether all the below mentioned comments are correct or not
These all my understanding so far .
without appending any policy the bgp router stores all the prefix/NLRI info in adj-rib-in table.
after applying any changes on policy the update will saved in BGP global table that is LoC-RIB.
Here are the commands to verify
Loc-RIB >>> sh ip bgp
adj-rib-in >>>sh ip bgp neighbor x.x.x.x received-routes
adj-rib-out >>> sh ip bgp neighbor x.x.x.x advertised-routes
so , soft-reconfiguration command needs to applied prior to make any changes.
so before & after changes the adj-rib-in will not be differed. only Loc-RIB table will be changed post applying any policy.
Yes, all of your statements are correct. Let me just add that soft reconfiguration configurations are applied on a per neighbor basis. This means that you can choose for which neighbors you will maintain an unmodified adj-rib-in.
Iâm glad that you find the forum useful! Thatâs why weâre here, weâre happy to help!
I hope this has been helpful! Stay healthy, and safe!
Yes, if you use the clear ip bgpip addresssoftinbound/outbound command, and soft reconfiguration is not enabled for that particular neighbor, then route refresh is used by default (assuming that hasnât been disabled).
I hope this has been helpful! Stay healthy and safe!
Do you know if there is a good location with a table for how to run the same command on an ASA?
How do you do reset a single bgp connection?
How do I run filter for just a single peer bgpip when I run debug ip bgp?
Sorry if this information was someone where. When I look for BGP commands for an ASA it seems they donât always work the same as they do on a router but all the examples are for routers.
From the research that I did, I find that the ASA does not support soft reconfiguration, at least not on version 9.6 or earlier. Take a look at this Cisco community thread and related links:
The clear bgp command can be used on a Cisco ASA to either clear all BGP connections, clear connections of particular peer groups, of particular neighbors, or even of specific prefixes. The details of this command can be found here:
On my ASA I have the following:
myASA# debug ip bgp ?
A.B.C.D BGP neighbor address
events BGP events
in BGP Inbound information
ipv4 Address family
ipv6 Address family
keepalives BGP keepalives
out BGP Outbound information
range BGP dynamic range
rib-filter Next hop route watch filter events
updates BGP updates
<cr>
myASA# debug ip bgp
So it is possible to debug BGP events using a command similar to debug ip bgp 10.10.10.1 where the IP address is that of the BGP neighbor. Just for reference, I have an ASA 5506 running version 9.8(2).
It is true that the commands for BGP as well as in general are somewhat different on a Cisco ASA compared to a Cisco IOS device. You may find this documentation helpful in further exploring the ASAâs BGP capabilities:
Hello,
can you please help me clarify? So when we are denying prefix 11.11.11.11 but advertising it to other neighbors. What if some neighbor decide to use our router to reach the 11.11.11.11?
Neighbors will think that the 11.11.11.11 is reachable via our router but it will not, right?
Thank you
Yes you are correct. It all depends upon where you apply the access list to deny the advertising of such routes.
In this particular case, the 11.11.11.11/32 route is denied in an incoming direction from its neighbor R1. So R1 will still advertise the network, R2 will receive the BGP advertisement from R1 with that network included, but when R2 processes the BGP update, it will filter out the 11.11.11.11/32 network and wonât install it in its BGP table.
Now if other routers on our topology learn about the 11.11.11.11/32 network from R1âs advertisements, then they will indeed put it in their BGP tables. If we donât want that, then we can apply the access list on R1 in an outbound direction with our neighbor R2.
Remember, the ACL that is applied with a distribute-list is always applied to a particular neighbor peering and in a particular direction. If you donât want the route to be advertised to any other router, then there are other ways to accomplish this, by either removing it completely from being advertised by BGP.
I have one doubt
If soft reconfig inbound isnât enabled, youâll still have one adj-rib-in from this particular neigh ? and if soft reconfig inbound is enabled, youâll have 2 separated adj-rib-in from this particular neigh ? for example soft reconfig is enable, then you could check the unmodified adj-rib-in (before applying policy inbound) (show ip bgp neigh x.x.x.x received-routes, and then another adj-rib-in AFTER applying a policy inbound (show ip bgp neigh x.x.x.x routes) ?
When you enable soft-reconfiguration inbound on a BGP router, it essentially creates a backup of the adj-RIB-In table before applying any inbound policies or filtering. So, technically, there will be two copies of the adj-RIB-In table: one untouched copy received from the neighbor, and another one that has the inbound policies applied to it.
However, itâs important to note that this doesnât mean the router maintains two completely separate adj-RIB-In tables for the neighbor. Instead, itâs more accurate to say that it maintains one ârawâ adj-RIB-In table (when soft reconfiguration is enabled) and the âprocessedâ adj-RIB-In table.
Note that if you donât enable the soft-reconfiguration feature for a particular neighbor, if you try to display the ârawâ adj-RIB-In table, you get this:
R1#show ip bgp neighbors 192.168.12.2 received-routes
% Inbound soft reconfiguration not enabled on 192.168.12.2
R1#
The command show ip bgp neighbor x.x.x.x advertised-routes shows the routes that are being advertised to a neighbor before any outbound policies are applied. This is why you donât see the changes made by your route-map for AS path prepending.
However, if you deny a route using a route-map, it will not be in the list of advertised routes because itâs not being advertised at all.
To see the changes made by your outbound policies, you can use the debug ip bgp updates command. This command will show you the updates being sent to your neighbors, including any changes made by your outbound policies.
show ip bgp neighbors 192.168.12.2 advertised-routes or the one with received keyword.
But I didnât grasp this , If these commands show me adj-RIB tables, then what are they showing when we donât enable soft reconfiguration? Because they are the commands not related with soft-reconfiguration in âeverydayâ use.