Understanding the `disable-peer-as-check` Command in Cisco Nexus NX-OS BGP Configuration

Border Gateway Protocol (BGP) is the routing protocol that determines how traffic is routed across the internet by exchanging reachability information between edge routers. Cisco Nexus switches running the NX-OS operating system have specific commands and behaviors around BGP configuration, which differ slightly from other Cisco operating systems like IOS and IOS-XE. This blog post focuses on the `disable-peer-as-check` command, its significance, and how the behavior it controls differs across Cisco operating systems.

Prerequisites

Before diving into this topic, it is recommended that you have a basic understanding of:

  • Cisco Nexus NX-OS Software
  • BGP Routing Protocol

What is `disable-peer-as-check`?

When a Cisco Nexus switch with NX-OS advertises a network prefix to an external BGP (eBGP) peer, it checks the Autonomous System (AS) in the AS_PATH attribute of the BGP update. By default, the Nexus switch will not send any network prefix to an eBGP peer if the peer’s AS number is already the last entry in the AS_PATH attribute of the network prefix.

This behavior is different in Cisco’s IOS and IOS-XE; prefixes are still sent to eBGP peers even if their AS is already in the AS_PATH.

The disable-peer-as-check command modifies this default behavior in NX-OS to make it similar to IOS and IOS-XE.

Why is it Important?

If you are running a mixed environment with Cisco IOS and Cisco Nexus devices, this difference in default behavior could cause discrepancies in your BGP routing updates. If the `disable-peer-as-check` command is not enabled, specific prefixes may not get advertised to peers, causing a failure in the expected route propagation.

Sample Configuration

Example

  • R1 – Cisco IOS Router
  • N9K-1 – Cisco Nexus Switch running NX-OS
  • R2 – Cisco IOS Router

On R1:

router bgp 64512
 network 192.168.10.1 mask 255.255.255.255
 neighbor 10.1.1.2 remote-as 65535

On N9K-1:

router bgp 65535
 address-family ipv4 unicast
 neighbor 10.1.1.1 remote-as 64512
  address-family ipv4 unicast
 neighbor 10.2.2.1 remote-as 64512
  address-family ipv4 unicast

On R2:

router bgp 64512
 neighbor 10.2.2.2 remote-as 65535

Without the `disable-peer-as-check` command, N9K-1 will not advertise the prefix `192.168.10.1/32` to R2, because R2’s AS (64512) is the last entry in the AS_PATH attribute. Enabling the `disable-peer-as-check` command permits this advertisement.
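To find affected sessions before they show up as missing routes, the following added example (not from the original post or from Cisco) scans an NX-OS BGP configuration for eBGP neighbors that share a remote AS and whose address families lack `disable-peer-as-check`. It assumes a single VRF and the nested indentation of `show running-config` output, with the command placed under the neighbor's address family; the function names and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample: N9K-1 from the post, command applied toward R1 only.
SAMPLE_CONFIG = """\
router bgp 65535
  address-family ipv4 unicast
  neighbor 10.1.1.1 remote-as 64512
    address-family ipv4 unicast
      disable-peer-as-check
  neighbor 10.2.2.1 remote-as 64512
    address-family ipv4 unicast
"""

def parse_neighbors(config):
    """Return (local_as, {ip: {"remote_as": str, "afs": {af: bool}}})."""
    local_as, neighbors = None, {}
    nbr, af, nbr_indent = None, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if m := re.match(r"router bgp (\S+)", line):
            local_as, nbr, af = m.group(1), None, None
        elif m := re.match(r"neighbor (\S+)(?: remote-as (\S+))?", line):
            nbr = neighbors.setdefault(m.group(1), {"remote_as": m.group(2), "afs": {}})
            nbr_indent, af = indent, None
        elif nbr is None:
            continue  # global line outside any neighbor block
        elif indent <= nbr_indent:  # left the neighbor block
            nbr = af = None
        elif m := re.match(r"remote-as (\S+)", line):
            nbr["remote_as"] = m.group(1)
        elif line.startswith("address-family "):
            af = line.split(None, 1)[1]
            nbr["afs"][af] = False  # default: peer-AS check is active
        elif af and line == "disable-peer-as-check":
            nbr["afs"][af] = True
    return local_as, neighbors

def suppressed_peers(config):
    """(ip, af, remote_as) for eBGP neighbors sharing an AS with the check still on."""
    local_as, neighbors = parse_neighbors(config)
    by_as = defaultdict(list)
    for ip, n in neighbors.items():
        if n["remote_as"] and n["remote_as"] != local_as:  # eBGP only
            by_as[n["remote_as"]].append(ip)
    return [(ip, af, asn) for asn, ips in by_as.items() if len(ips) > 1
            for ip in ips for af, off in neighbors[ip]["afs"].items() if not off]
```

For the sample, `suppressed_peers(SAMPLE_CONFIG)` reports the session toward R2 (10.2.2.1), which is the one that does not receive `192.168.10.1/32`.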

How to Verify

To ensure that the configuration works as expected, you can run verification commands on both N9K-1 and R2.

N9K-1# show bgp ipv4 unicast

On R2, you can enable debugs to verify the received routes.

R2# debug bgp ipv4 unicast
R2# clear bgp ipv4 unicast * soft

Troubleshooting Tips

If the routes are not being advertised as expected, you can enable debugging for specific BGP neighbors or prefixes to get more information.

On N9K-1:

N9K-1# debug-filter bgp neighbor 10.2.2.1
N9K-1# debug-filter bgp prefix 192.168.10.1/32
N9K-1# debug bgp updates

Conclusion

The disable-peer-as-check command in Cisco Nexus running NX-OS allows for more consistent BGP behavior across different Cisco platforms. Understanding the default behaviors and how to modify them can be critical in ensuring that your network operates as expected. Test any configuration changes in a lab environment before deploying them in a live network.