Skip to content
Network as Code

BGP

Border Gateway Protocol (BGP) is the de facto standard path-vector protocol used to exchange routing information between autonomous systems, supporting multi-address-family deployments including IPv4 unicast, IPv6 unicast, and L2VPN EVPN on NX-OS. It provides extensive policy control through peer templates, route maps, prefix lists, and per-neighbor address-family configuration with granular route filtering, community manipulation, and next-hop processing for both eBGP and iBGP sessions. BGP supports advanced features including enhanced error handling, graceful restart, route reflector functionality, maximum prefix limits, policy batching control, and fabric SOO for VXLAN EVPN deployments.

Diagram

Section titled “Diagram”
Diagram

Classes

Section titled “Classes”

routing (nxos.devices.configuration)

Section titled “routing (nxos.devices.configuration)”
NameTypeConstraintMandatoryDefault Value
bgpClass[bgp]No

bgp (nxos.devices.configuration.routing)

Section titled “bgp (nxos.devices.configuration.routing)”
NameTypeConstraintMandatoryDefault Value
asnStringNo
shutdownBooleantrue, falseNo
disable_policy_batchingBooleantrue, falseNo
disable_policy_batching_nexthopBooleantrue, falseNo
disable_policy_batching_ipv4_prefix_listStringNo
disable_policy_batching_ipv6_prefix_listStringNo
fabric_sooStringNo
flush_routesBooleantrue, falseNo
isolateChoiceenabled, disabled, include-local, customNo
isolate_route_mapStringNo
med_dampening_intervalIntegermin: 60, max: 4294967295No
nexthop_suppress_default_resolutionBooleantrue, falseNo
rd_dualBooleantrue, falseNo
rd_dual_idIntegermin: 1, max: 65535No
peer_templatesList[peer_templates]No
router_idStringNo
allocate_indexIntegermin: 1, max: 8000No
bestpath_limit_alwaysBooleantrue, falseNo
bestpath_limitIntegermin: 1, max: 3600No
bandwidth_referenceIntegermin: 0, max: 4294967295No
bandwidth_reference_unitChoicembps, gbpsNo
cluster_idStringNo
hold_timeIntegermin: 3, max: 3600No
keepalive_intervalIntegermin: 0, max: 3600No
local_asStringNo
maxas_limitIntegermin: 1, max: 512No
modeChoicefabric, external, proxyNo
prefix_peer_timeoutIntegermin: 0, max: 1200No
prefix_peer_waitIntegermin: 0, max: 1200No
reconnect_intervalIntegermin: 1, max: 60No
router_id_autoBooleantrue, falseNo
log_neighbor_changesBooleantrue, falseNo
enforce_first_asBooleantrue, falseNo
neighbor_down_fib_accelerateBooleantrue, falseNo
suppress_fib_pendingBooleantrue, falseNo
graceful_restartChoicehelper, completeNo
graceful_restart_restart_timeIntegermin: 1, max: 3600No
graceful_restart_stalepath_timeIntegermin: 1, max: 3600No
neighborsList[neighbors]No
address_familiesList[address_families]No
vrfsList[vrfs]No

peer_templates (nxos.devices.configuration.routing.bgp)

Section titled “peer_templates (nxos.devices.configuration.routing.bgp)”
NameTypeConstraintMandatoryDefault Value
nameStringYes
remote_asStringNo
descriptionStringNo
peer_typeChoicefabric-internal, fabric-external, fabric-border-leafNo
update_source_interface_typeChoiceethernet, loopback, mgmt, port-channel, vlan, vniNo
update_source_interface_idStringNo
shutdownBooleantrue, falseNo
affinity_groupIntegermin: 0, max: 65535No
remote_as_typeChoicenone, external, internalNo
bfd_typeChoicenone, singlehop, multihopNo
bmp_activate_server_1Booleantrue, falseNo
bmp_activate_server_2Booleantrue, falseNo
capability_suppress_4_byte_asnBooleantrue, falseNo
connection_modeChoicepassiveNo
bfdBooleantrue, falseNo
disable_connected_checkBooleantrue, falseNo
dont_capability_negotiateBooleantrue, falseNo
dynamic_capabilityBooleantrue, falseNo
hold_timeIntegermin: 3, max: 3600No
keepalive_intervalIntegermin: 0, max: 3600No
log_neighbor_changesBooleantrue, falseNo
low_memory_exemptBooleantrue, falseNo
maximum_peersIntegermin: 1, max: 1000No
password_typeChoice0, 3, line, 6, 7No
passwordStringNo
remove_private_asChoicenone, remove-exclusive, remove-all, replace-asNo
inherit_peer_sessionStringNo
ebgp_multihop_ttlIntegermin: 2, max: 255No
ttl_security_hopsIntegermin: 1, max: 254No
address_familiesList[address_families]No

neighbors (nxos.devices.configuration.routing.bgp)

Section titled “neighbors (nxos.devices.configuration.routing.bgp)”
NameTypeConstraintMandatoryDefault Value
ipIPYes
remote_asStringNo
descriptionStringNo
inherit_peerStringNo
peer_typeChoicefabric-internal, fabric-external, fabric-border-leafNo
update_source_interface_typeChoiceethernet, loopback, mgmt, port-channel, vlan, vniNo
update_source_interface_idStringNo
hold_timeIntegermin: 3, max: 3600No
keepalive_intervalIntegermin: 0, max: 3600No
ebgp_multihop_ttlIntegermin: 2, max: 255No
bfdBooleantrue, falseNo
disable_connected_checkBooleantrue, falseNo
dont_capability_negotiateBooleantrue, falseNo
dynamic_capabilityBooleantrue, falseNo
password_typeChoice0, 3, line, 6, 7No
passwordStringNo
shutdownBooleantrue, falseNo
affinity_groupIntegermin: 0, max: 65535No
remote_as_typeChoicenone, external, internalNo
bfd_typeChoicenone, singlehop, multihopNo
bmp_activate_server_1Booleantrue, falseNo
bmp_activate_server_2Booleantrue, falseNo
capability_suppress_4_byte_asnBooleantrue, falseNo
connection_modeChoicepassiveNo
log_neighbor_changesBooleantrue, falseNo
low_memory_exemptBooleantrue, falseNo
maximum_peersIntegermin: 1, max: 1000No
remove_private_asChoicenone, remove-exclusive, remove-all, replace-asNo
inherit_peer_sessionStringNo
ttl_security_hopsIntegermin: 1, max: 254No
local_asStringNo
local_as_propagationChoicenone, no-prepend, replace-as, dual-asNo
address_familiesList[address_families]No

address_families (nxos.devices.configuration.routing.bgp)

Section titled “address_families (nxos.devices.configuration.routing.bgp)”
NameTypeConstraintMandatoryDefault Value
address_familyChoiceipv4-unicast, ipv4-multicast, vpnv4-unicast, ipv6-unicast, ipv6-multicast, vpnv6-unicast, vpnv6-multicast, l2vpn-evpn, ipv4-lucast, ipv6-lucast, lnkstate, ipv4-mvpn, ipv6-mvpn, l2vpn-vpls, ipv4-mdtYes
advertise_l2vpn_evpnBooleantrue, falseNo
advertise_only_active_routesBooleantrue, falseNo
advertise_pipBooleantrue, falseNo
advertise_system_macBooleantrue, falseNo
allocate_label_allBooleantrue, falseNo
allocate_label_option_bBooleantrue, falseNo
allocate_label_route_mapStringNo
bestpath_origin_as_allow_invalidBooleantrue, falseNo
bestpath_origin_as_use_validityBooleantrue, falseNo
client_to_client_reflectionBooleantrue, falseNo
nexthop_trigger_delay_criticalIntegermin: 1, max: 4294967295No
default_information_originateBooleantrue, falseNo
default_metricStringNo
export_gateway_ipBooleantrue, falseNo
dampen_igp_metricIntegermin: 0, max: 3600No
label_allocation_modeBooleantrue, falseNo
maximum_pathsIntegermin: 1, max: 512No
maximum_paths_eibgpIntegermin: 1, max: 512No
maximum_paths_eibgp_ibgpIntegermin: 1, max: 512No
maximum_paths_localIntegermin: 1, max: 512No
maximum_paths_mixedIntegermin: 1, max: 512No
maximum_paths_unequal_costBooleantrue, falseNo
nexthop_route_mapStringNo
nexthop_load_balance_egress_multisiteBooleantrue, falseNo
nexthop_trigger_delay_non_criticalIntegermin: 1, max: 4294967295No
originate_mapStringNo
origin_as_validateBooleantrue, falseNo
origin_as_validate_signal_ibgpBooleantrue, falseNo
prefix_priorityChoicenone, highNo
retain_route_target_allBooleantrue, falseNo
retain_route_target_route_mapStringNo
table_mapStringNo
table_map_filterBooleantrue, falseNo
timers_bestpath_deferIntegermin: 100, max: 3000No
timers_bestpath_defer_maximumIntegermin: 300, max: 300000No
allow_vni_in_ethertagBooleantrue, falseNo
wait_igp_convergenceBooleantrue, falseNo
networksList[networks]No
redistributionsList[redistributions]No

vrfs (nxos.devices.configuration.routing.bgp)

Section titled “vrfs (nxos.devices.configuration.routing.bgp)”
NameTypeConstraintMandatoryDefault Value
vrfStringYes
router_idStringNo
allocate_indexIntegermin: 1, max: 8000No
bestpath_limit_alwaysBooleantrue, falseNo
bestpath_limitIntegermin: 1, max: 3600No
bandwidth_referenceIntegermin: 0, max: 4294967295No
bandwidth_reference_unitChoicembps, gbpsNo
cluster_idStringNo
hold_timeIntegermin: 3, max: 3600No
keepalive_intervalIntegermin: 0, max: 3600No
local_asStringNo
maxas_limitIntegermin: 1, max: 512No
modeChoicefabric, external, proxyNo
prefix_peer_timeoutIntegermin: 0, max: 1200No
prefix_peer_waitIntegermin: 0, max: 1200No
reconnect_intervalIntegermin: 1, max: 60No
router_id_autoBooleantrue, falseNo
log_neighbor_changesBooleantrue, falseNo
enforce_first_asBooleantrue, falseNo
neighbor_down_fib_accelerateBooleantrue, falseNo
suppress_fib_pendingBooleantrue, falseNo
graceful_restartChoicehelper, completeNo
graceful_restart_restart_timeIntegermin: 1, max: 3600No
graceful_restart_stalepath_timeIntegermin: 1, max: 3600No
neighborsList[neighbors]No
address_familiesList[address_families]No

address_families (nxos.devices.configuration.routing.bgp.peer_templates)

Section titled “address_families (nxos.devices.configuration.routing.bgp.peer_templates)”
NameTypeConstraintMandatoryDefault Value
address_familyChoiceipv4-unicast, ipv6-unicast, vpnv4-unicast, vpnv6-unicast, l2vpn-evpn, lnkstateYes
send_community_standardBooleantrue, falseNo
send_community_extendedBooleantrue, falseNo
route_reflector_clientBooleantrue, falseNo
next_hop_selfBooleantrue, falseNo
next_hop_self_allBooleantrue, falseNo
disable_peer_as_checkBooleantrue, falseNo
allowas_inBooleantrue, falseNo
default_originateBooleantrue, falseNo
suppress_inactiveBooleantrue, falseNo
advertisement_intervalIntegermin: 1, max: 600No
advertise_gateway_ipBooleantrue, falseNo
advertise_local_labeled_routeBooleantrue, falseNo
aigpBooleantrue, falseNo
allowas_in_countIntegermin: 0, max: 10No
as_overrideBooleantrue, falseNo
default_originate_route_mapStringNo
dmz_link_bandwidthBooleantrue, falseNo
encapsulation_mplsBooleantrue, falseNo
link_bandwidth_cumulativeBooleantrue, falseNo
next_hop_third_partyBooleantrue, falseNo
rewrite_evpn_rt_asnBooleantrue, falseNo
soft_reconfiguration_inboundChoicenone, inbound, inbound-alwaysNo
site_of_originStringNo
unsuppress_mapStringNo
weightStringNo
maximum_prefixClass[maximum_prefix]No

address_families (nxos.devices.configuration.routing.bgp.neighbors)

Section titled “address_families (nxos.devices.configuration.routing.bgp.neighbors)”
NameTypeConstraintMandatoryDefault Value
address_familyChoiceipv4-unicast, ipv4-mvpn, vpnv4-unicast, ipv6-unicast, vpnv6-unicast, l2vpn-evpn, lnkstateYes
send_community_standardBooleantrue, falseNo
send_community_extendedBooleantrue, falseNo
route_reflector_clientBooleantrue, falseNo
next_hop_selfBooleantrue, falseNo
next_hop_self_allBooleantrue, falseNo
disable_peer_as_checkBooleantrue, falseNo
allowas_inBooleantrue, falseNo
default_originateBooleantrue, falseNo
suppress_inactiveBooleantrue, falseNo
advertisement_intervalIntegermin: 1, max: 600No
advertise_gateway_ipBooleantrue, falseNo
advertise_local_labeled_routeBooleantrue, falseNo
aigpBooleantrue, falseNo
allowas_in_countIntegermin: 0, max: 10No
as_overrideBooleantrue, falseNo
default_originate_route_mapStringNo
dmz_link_bandwidthBooleantrue, falseNo
encapsulation_mplsBooleantrue, falseNo
link_bandwidth_cumulativeBooleantrue, falseNo
next_hop_third_partyBooleantrue, falseNo
rewrite_evpn_rt_asnBooleantrue, falseNo
soft_reconfiguration_inboundChoicenone, inbound, inbound-alwaysNo
site_of_originStringNo
unsuppress_mapStringNo
weightStringNo
maximum_prefixClass[maximum_prefix]No
route_map_inStringNo
route_map_outStringNo
prefix_list_inStringNo
prefix_list_outStringNo

networks (nxos.devices.configuration.routing.bgp.address_families)

Section titled “networks (nxos.devices.configuration.routing.bgp.address_families)”
NameTypeConstraintMandatoryDefault Value
prefixStringYes
evpnBooleantrue, falseNo
route_mapStringNo

redistributions (nxos.devices.configuration.routing.bgp.address_families)

Section titled “redistributions (nxos.devices.configuration.routing.bgp.address_families)”
NameTypeConstraintMandatoryDefault Value
protocolChoicesrv6, unspecified, static, direct, bgp, isis, ospf, ospfv3, eigrp, host, rip, amt, lisp, hmm, am, dhcpv6, icmpv6Yes
protocol_instanceStringNo
route_mapStringNo
scopeChoiceintra, inter, defrtNo
srv6_prefix_typeChoiceunspecified, locatorNo
asnStringNo

maximum_prefix (nxos.devices.configuration.routing.bgp.peer_templates.address_families)

Section titled “maximum_prefix (nxos.devices.configuration.routing.bgp.peer_templates.address_families)”
NameTypeConstraintMandatoryDefault Value
numberIntegermin: 0, max: 4294967295No
actionChoicelog, shut, restartNo
restart_timeIntegermin: 1, max: 65535No
thresholdIntegermin: 1, max: 100No

Examples

Section titled “Examples”

Example 1: Basic iBGP spine-leaf peering with peer template for underlay

nxos:
  devices:
    - name: SPINE1
      configuration:
        routing:
          bgp:
            asn: "65000"
            peer_templates:
              - name: LEAF-PEERS
                remote_as: "65000"
                update_source_interface_type: loopback
                update_source_interface_id: "0"
                address_families:
                  - address_family: ipv4-unicast
                    send_community_standard: true
                    send_community_extended: true
                    route_reflector_client: true
            router_id: 10.1.100.1
            neighbors:
              - ip: 10.1.100.3
                inherit_peer: LEAF-PEERS
              - ip: 10.1.100.4
                inherit_peer: LEAF-PEERS

Example 2: EVPN address family on a leaf switch peering to spines

nxos:
  devices:
    - name: LEAF1
      configuration:
        routing:
          bgp:
            asn: "65000"
            peer_templates:
              - name: SPINE-PEERS
                remote_as: "65000"
                update_source_interface_type: loopback
                update_source_interface_id: "0"
                address_families:
                  - address_family: l2vpn-evpn
                    send_community_standard: true
                    send_community_extended: true
            router_id: 10.1.100.3
            neighbors:
              - ip: 10.1.100.1
                inherit_peer: SPINE-PEERS
              - ip: 10.1.100.2
                inherit_peer: SPINE-PEERS

Example 3: VRF-aware BGP with route targets for tenant routing

nxos:
  devices:
    - name: LEAF1
      configuration:
        routing:
          bgp:
            asn: "65000"
            vrfs:
              - vrf: BLUE
                router_id: 10.1.100.3
                log_neighbor_changes: true
                address_families:
                  - address_family: ipv4-unicast
                    advertise_l2vpn_evpn: true
                    maximum_paths: 2
                    redistributions:
                      - protocol: direct
                        route_map: PERMIT-CONNECTED
                    networks:
                      - prefix: 192.168.1.0/24
              - vrf: GREEN
                router_id: 10.1.100.3
                address_families:
                  - address_family: ipv4-unicast
                    advertise_l2vpn_evpn: true
                    maximum_paths: 2
                    redistributions:
                      - protocol: direct
                        route_map: PERMIT-CONNECTED
                    networks:
                      - prefix: 192.168.2.0/24

Example 4: Advanced peer template with route maps, BFD, and prefix limits

nxos:
  devices:
    - name: BORDER-LEAF1
      configuration:
        routing:
          bgp:
            asn: "65000"
            peer_templates:
              - name: SPINE-PEERS
                remote_as: "65000"
                update_source_interface_type: loopback
                update_source_interface_id: "0"
                bfd: true
                hold_time: 30
                keepalive_interval: 10
                log_neighbor_changes: true
                address_families:
                  - address_family: l2vpn-evpn
                    send_community_standard: true
                    send_community_extended: true
              - name: EXTERNAL-PEERS
                remote_as: "65100"
                peer_type: fabric-external
                ebgp_multihop_ttl: 2
                address_families:
                  - address_family: ipv4-unicast
                    send_community_standard: true
                    maximum_prefix:
                      number: 10000
                      action: log
                      threshold: 80
            router_id: 10.1.100.3
            neighbors:
              - ip: 10.1.100.1
                inherit_peer: SPINE-PEERS
              - ip: 10.1.100.2
                inherit_peer: SPINE-PEERS
              - ip: 172.17.1.1
                inherit_peer: EXTERNAL-PEERS
                description: "DC-Interconnect-Router"
                address_families:
                  - address_family: ipv4-unicast
                    route_map_in: INBOUND-FILTER
                    route_map_out: OUTBOUND-FILTER

Example 5: Full multi-VRF leaf with EVPN overlay, redistribute, and graceful restart

nxos:
  devices:
    - name: LEAF2
      configuration:
        routing:
          bgp:
            asn: "65000"
            flush_routes: true
            peer_templates:
              - name: SPINE-PEERS
                remote_as: "65000"
                update_source_interface_type: loopback
                update_source_interface_id: "0"
                address_families:
                  - address_family: l2vpn-evpn
                    send_community_standard: true
                    send_community_extended: true
            router_id: 10.1.100.4
            graceful_restart: complete
            graceful_restart_restart_time: 120
            graceful_restart_stalepath_time: 300
            log_neighbor_changes: true
            neighbors:
              - ip: 10.1.100.1
                inherit_peer: SPINE-PEERS
              - ip: 10.1.100.2
                inherit_peer: SPINE-PEERS
            address_families:
              - address_family: l2vpn-evpn
                retain_route_target_all: true
            vrfs:
              - vrf: BLUE
                router_id: 10.1.100.4
                address_families:
                  - address_family: ipv4-unicast
                    advertise_l2vpn_evpn: true
                    maximum_paths: 2
                    networks:
                      - prefix: 192.168.1.0/24
                    redistributions:
                      - protocol: static
                        route_map: REDISTRIBUTE-STATIC
                      - protocol: direct
                        route_map: PERMIT-CONNECTED
              - vrf: GREEN
                router_id: 10.1.100.4
                address_families:
                  - address_family: ipv4-unicast
                    advertise_l2vpn_evpn: true
                    maximum_paths: 2
                    networks:
                      - prefix: 192.168.2.0/24
                    redistributions:
                      - protocol: direct
                        route_map: PERMIT-CONNECTED
                  - address_family: ipv6-unicast
                    advertise_l2vpn_evpn: true
                    networks:
                      - prefix: 2001:db8:2::/64