BGP Dynamic Neighbors are a way to bring up BGP neighbors without specifically defining each neighbor's remote IP address.
Using the BGP Listen Range command, you specify a range of IP addresses, typically on your Hub site (maybe in a DMVPN environment), that you trust to become BGP neighbors with you.
When a TCP request on port 179 is received from one of those trusted IPs, a new BGP neighbor is dynamically created.
That is about it in a nutshell. If you want Cisco explaining all the details you can go here.
If you want to see a simple lab demonstrating this concept then keep reading.
We will use two routers: R1 will be the HQ site and R2 will be the remote site.
I will configure the BGP listen range command to include R2’s address, and you should see that the BGP dynamic neighbor is created for R2.
IP addressing is 172.16.1.1 for the HQ router and 172.16.1.2 for the remote site.
BGP Listen Range Command – Lab
OK, so the config on R1 is very simple:
R1#sh run int f0/0
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
R1#sh run | sec router bgp
router bgp 65000
 bgp listen range 172.16.1.0/24 peer-group DYNAMIC
 neighbor DYNAMIC peer-group
 neighbor DYNAMIC remote-as 65000
R1#
So let's step through the config line by line.
router bgp 65000
Simply the BGP process number
bgp listen range 172.16.1.0/24 peer-group DYNAMIC
This says R1 is going to listen for any BGP neighbors wanting to become peers, but only from the range 172.16.1.0/24. If it hears any, it will dynamically create a neighbor and put it in the peer group DYNAMIC.
neighbor DYNAMIC peer-group
This creates the peer-group called DYNAMIC
neighbor DYNAMIC remote-as 65000
All neighbors in peer group DYNAMIC will be put in AS 65000
So does it work?
Currently there are no BGP neighbors, as can be seen with the sh ip bgp summary command. But as you can see, there is a bit more in this output, showing that the router is listening on the range 172.16.1.0/24 for BGP neighbors:
R1#sh ip bgp sum
BGP peergroup DYNAMIC listen range group members:
  172.16.1.0/24
Let's hop over to R2 and configure a peering to R1.
R2#sh run | sec router bgp
router bgp 65000
 neighbor 172.16.1.1 remote-as 65000
The BGP neighbor soon comes up
R2#
*May 12 20:16:07.571: %BGP-5-ADJCHANGE: neighbor 172.16.1.1 Up
Let's go back to R1 to see what the sh ip bgp summary looks like.
R1#sh ip bgp sum
BGP router identifier 18.104.22.168, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
*172.16.1.2     4 65000       5       5        1    0    0 00:01:28        0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1, Subnet ranges: 1
BGP peergroup DYNAMIC listen range group members:
  172.16.1.0/24
Total dynamically created neighbors: 1/(100 max), Subnet ranges: 1
R1#
There is a lot more output here than you would normally see. But you can see it works and is a great way to dynamically bring up BGP neighbors.
In my output it is showing total dynamically created neighbors 1/100 max. This can be tuned to up to 5000 with the following command
bgp listen limit 5000
R1(config-router)#bgp listen limit ?
  <1-5000>  max number
R1(config-router)#bgp listen limit 5000
Total dynamically created neighbors: 1/(5000 max), Subnet ranges: 1
R1#
Now you can see we can listen for a max of 5000 neighbors. This is a nice feature if you are deploying this for a DMVPN: if you know you only have 25 sites, you can set the bgp listen limit to only allow 25 neighbors.
If you have more subnets you want to allow, or multiple internet addresses, you just keep adding bgp listen range lines. Below I am listening on two subnets; this can also be tuned for specific hosts using /32 as the mask.
R1#sh run | sec router bgp
router bgp 65000
 bgp log-neighbor-changes
 bgp listen range 22.214.171.124/24 peer-group DYNAMIC
 bgp listen range 172.16.1.0/24 peer-group DYNAMIC
 bgp listen limit 5000
 neighbor DYNAMIC peer-group
 neighbor DYNAMIC remote-as 65000
R1#
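The two tuning points above (setting bgp listen limit to the number of sites, and narrowing listen ranges down to /32) can be checked against a saved config. The script below is an added example, not part of the original post or any Cisco tooling; the function names, the SAMPLE text and the expected_sites parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: R1's BGP section from the lab, one command per line.
SAMPLE = """\
router bgp 65000
 bgp listen range 172.16.1.0/24 peer-group DYNAMIC
 bgp listen limit 5000
 neighbor DYNAMIC peer-group
 neighbor DYNAMIC remote-as 65000
"""
DEFAULT_LIMIT = 100  # the "(100 max)" in the lab output before tuning

def parse_bgp(config):
    """Extract listen ranges, listen limit and peer-group remote-as values."""
    parsed = {"ranges": [], "remote_as": {}, "limit": DEFAULT_LIMIT}
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"bgp listen range (\S+) peer-group (\S+)", line):
            net = ipaddress.ip_network(m.group(1), strict=False)
            parsed["ranges"].append((net, m.group(2)))
        elif m := re.fullmatch(r"bgp listen limit (\d+)", line):
            parsed["limit"] = int(m.group(1))
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            parsed["remote_as"][m.group(1)] = int(m.group(2))
    return parsed

def matching_groups(parsed, source_ip):
    """Peer-groups whose listen range contains a TCP/179 source address."""
    addr = ipaddress.ip_address(source_ip)
    return [grp for net, grp in parsed["ranges"] if addr in net]

def audit(parsed, expected_sites):
    """Compare what the config admits with the number of sites expected."""
    findings = []
    admitted = sum(net.num_addresses for net, _ in parsed["ranges"])
    if admitted > expected_sites:
        findings.append(f"listen ranges cover {admitted} addresses for "
                        f"{expected_sites} sites; consider narrower or /32 ranges")
    if parsed["limit"] > expected_sites:
        findings.append(f"listen limit {parsed['limit']} exceeds "
                        f"{expected_sites} expected sites")
    for _, grp in parsed["ranges"]:
        if grp not in parsed["remote_as"]:
            findings.append(f"peer-group {grp} has no remote-as")
    return findings

if __name__ == "__main__":
    cfg = parse_bgp(SAMPLE)
    print(matching_groups(cfg, "172.16.1.2"), audit(cfg, expected_sites=25))
```

For the lab config and 25 expected sites it reports both the /24 range (256 addresses) and the 5000 listen limit; a config with one /32 range per site and a matching limit produces no findings.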
So there you have an easy way to create dynamic neighbors in BGP.