Network Automation Engineer: Roger Perkin CCIE 50038

CCIE, Wireless, F5, Ansible, AWS, Cloud and data centre to Network Automation - my journey as a network engineer

My CCIE Study Plan - 11 Chapters of Personal Experience
Home >> BGP >> BGP Listen Range Command

BGP Listen Range Command

BGP Dynamic Neighbors are a way to bring up  BGP neighbors without specifically defining the neighbors remote IP address.

Using the BGP Listen Range command you specify a range of IP addresses typically on your Hub site (maybe in a DMVPN environment) that you trust to become BGP neigbors with you.

When a TCP request on port 179 is received from one of those trusted IP’s a new BGP neighor is dynamically created.

That is about it in a nutshell, if you want Cisco explaining all the details you can go here.

If you want to see a simple lab demonstrating this concept then keep reading.

We will use two routers, R1 will be the HQ site with R2 being remote site.

I will configure the BGP Listen Command to include R2’s address and you should see that the BGP dynamic neighbor is created for R2.

IP addressing is 172.16.1.1 for the HQ router and 172.16.1.2 for the remote site.

BGP Listen Range Command – Lab

bgp listen range topology rogers ccie blog

Ok so the config on R1 is very simple

R1#sh run int f0/0

interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
R1#sh run | sec router bgp
router bgp 65000
 bgp listen range 172.16.1.0/24 peer-group DYNAMIC
 neighbor DYNAMIC peer-group
 neighbor DYNAMIC remote-as 65000
R1#

So lets step through the config line by line

router bgp 6500
Simply the BGP process number

bgp listen range 172.16.1.0/24 peer-group DYNAMIC
This says R1 is going to listen for any BGP neighbors wanting to become peers but only from the range 172.16.1.0/24 and if it hears any it will dynamically create a neighbor and put them in the peer group DYNAMIC

neighbor DYNAMIC peer-group
This creates the peer-group called DYNAMIC

neighbor DYNAMIC remote-as 65000
All neighbors in peer group DYNAMIC will be put in AS 65000

So does it work?

Currently there are no bgp neighbors as can be seen with the sh ip bgp summary command. But as you can see there is a bit more in this output showing that the router is listening on the range 172.16.1.0/24 for BGP neighbors

R1#sh ip bgp sum
BGP peergroup DYNAMIC listen range group members:
 172.16.1.0/24

Lets hop over to R2 and configure a peering to R1

R2#sh run | sec router bgp
router bgp 65000
neighbor 172.16.1.1 remote-as 65000

The BGP neighbor soon comes up

R2#
*May 12 20:16:07.571: %BGP-5-ADJCHANGE: neighbor 172.16.1.1 Up

Lets go back to R1 to see what the sh ip bgp summary looks like

R1#sh ip bgp sum
BGP router identifier 1.1.1.1, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor   V         AS        MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*172.16.1.2 4  65000        5                5               1            0     0         00:01:28               0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1, Subnet ranges: 1
BGP peergroup DYNAMIC listen range group members:
 172.16.1.0/24
Total dynamically created neighbors: 1/(100 max), Subnet ranges: 1
R1#

There is a lot more output here than you would normally see. But you can see it works and is a great way to dynamically bring up BGP neighbors.

In my output it is showing total dynamically created neighbors 1/100 max. This can be tuned to up to 5000 with the following command

bgp listen limit 5000

R1(config-router)#bgp listen limit ?
 <1-5000> max number
R1(config-router)#bgp listen limit 5000
Total dynamically created neighbors: 1/(5000 max), Subnet ranges: 1
R1#

Now you can see we can listen for a max of 5000 neighbors, this is a nice feature if you deploying this for a DMVPN and you know you only have 25 sites you can limit the bgp listen limit to only allow 25 neighbors.

If you have more subnets you want to allow or multiple internet addresses you just keep adding lines to the bgp listen command. Below I am listening on two subnets, this can also be tuned for specific hosts using /32 as the mask

R1#sh run | sec router bgp
router bgp 65000
 bgp log-neighbor-changes
 bgp listen range 173.16.1.0/24 peer-group DYNAMIC
 bgp listen range 172.16.1.0/24 peer-group DYNAMIC
 bgp listen limit 5000
 neighbor DYNAMIC peer-group
 neighbor DYNAMIC remote-as 65000
R1#

So there an easy way to create dynamic neighbors in BGP.

Want to learn more about Network Automation?

Network Automation skills are becoming a must for network engineers of the future. Get started and learn the skills you need for the future with my course on Ansible for Network Engineers Today!

Show me more about the network automation course

Reader Interactions

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Looking for Ansible Network Automation Training?


Learn how to install Ansible, write your first playbook and start automating your network today.


Network Automation Course

The Author

roger perkin ccie network automation engineer
Roger Perkin, (CCIE #50038) is a Senior Network & Security Consultant.
Currently working for Softcat plc.
Roger is an evangelist for Network Automation and is continuing to develop skills in Ansible and the Devops culture.
Contact

Most Visited Pages

Software Upgrade Guides
Wireless Console Cable
Network Automation Tools 
Bose Connect Windows 10
Private VLANs explained
Cisco ISE Overview

Ansible

Where are Ansible Modules stored
Ansible IOS Command Example
Ansile Backup Cisco Config
How to Install Ansible Tower
Ansible Network Automation Training
Resources

Home Office

Best Vertical Mouse
My Standing Desk
Folding Laptop Stand - Roost

Personal Development

How to Focus

Get Connected