BGP Listen Range Command

BGP Dynamic Neighbors are a way to bring up  BGP neighbors without specifically defining the neighbors remote IP address.

Using the BGP Listen Range command you specify a range of IP addresses typically on your Hub site (maybe in a DMVPN environment) that you trust to become BGP neigbors with you.

When a TCP request on port 179 is received from one of those trusted IP’s a new BGP neighor is dynamically created.

That is about it in a nutshell, if you want Cisco explaining all the details you can go here.

If you want to see a simple lab demonstrating this concept then keep reading.

We will use two routers, R1 will be the HQ site with R2 being remote site.

I will configure the BGP Listen Command to include R2’s address and you should see that the BGP dynamic neighbor is created for R2.

IP addressing is 172.16.1.1 for the HQ router and 172.16.1.2 for the remote site.

BGP Listen Range Command – Lab

Ok so the config on R1 is very simple

R1#sh run int f0/0

interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
R1#sh run | sec router bgp
router bgp 65000
 bgp listen range 172.16.1.0/24 peer-group DYNAMIC
 neighbor DYNAMIC peer-group
 neighbor DYNAMIC remote-as 65000
R1#

So lets step through the config line by line

router bgp 6500
Simply the BGP process number

bgp listen range 172.16.1.0/24 peer-group DYNAMIC
This says R1 is going to listen for any BGP neighbors wanting to become peers but only from the range 172.16.1.0/24 and if it hears any it will dynamically create a neighbor and put them in the peer group DYNAMIC

neighbor DYNAMIC peer-group
This creates the peer-group called DYNAMIC

neighbor DYNAMIC remote-as 65000
All neighbors in peer group DYNAMIC will be put in AS 65000

So does it work?

Currently there are no bgp neighbors as can be seen with the sh ip bgp summary command. But as you can see there is a bit more in this output showing that the router is listening on the range 172.16.1.0/24 for BGP neighbors

R1#sh ip bgp sum
BGP peergroup DYNAMIC listen range group members:
 172.16.1.0/24

Lets hop over to R2 and configure a peering to R1

R2#sh run | sec router bgp
router bgp 65000
neighbor 172.16.1.1 remote-as 65000

The BGP neighbor soon comes up

R2#
*May 12 20:16:07.571: %BGP-5-ADJCHANGE: neighbor 172.16.1.1 Up

Lets go back to R1 to see what the sh ip bgp summary looks like

R1#sh ip bgp sum
BGP router identifier 1.1.1.1, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor   V         AS        MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*172.16.1.2 4  65000        5                5               1            0     0         00:01:28               0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1, Subnet ranges: 1
BGP peergroup DYNAMIC listen range group members:
 172.16.1.0/24
Total dynamically created neighbors: 1/(100 max), Subnet ranges: 1
R1#

There is a lot more output here than you would normally see. But you can see it works and is a great way to dynamically bring up BGP neighbors.

In my output it is showing total dynamically created neighbors 1/100 max. This can be tuned to up to 5000 with the following command

bgp listen limit 5000

R1(config-router)#bgp listen limit ?
 <1-5000> max number
R1(config-router)#bgp listen limit 5000
Total dynamically created neighbors: 1/(5000 max), Subnet ranges: 1
R1#

Now you can see we can listen for a max of 5000 neighbors, this is a nice feature if you deploying this for a DMVPN and you know you only have 25 sites you can limit the bgp listen limit to only allow 25 neighbors.

If you have more subnets you want to allow or multiple internet addresses you just keep adding lines to the bgp listen command. Below I am listening on two subnets, this can also be tuned for specific hosts using /32 as the mask

R1#sh run | sec router bgp
router bgp 65000
 bgp log-neighbor-changes
 bgp listen range 173.16.1.0/24 peer-group DYNAMIC
 bgp listen range 172.16.1.0/24 peer-group DYNAMIC
 bgp listen limit 5000
 neighbor DYNAMIC peer-group
 neighbor DYNAMIC remote-as 65000
R1#

So there an easy way to create dynamic neighbors in BGP.