outbound connections. You cannot configure any attributes for the dynamic peers. You
cannot remove a dynamic peer with the no neighbor ip-address command.
When a dynamic peer goes from the established state to the idle state for any reason,
BGP removes the dynamic peer only if it does not go back to the established state within
1 minute. This delay enables you to see the dynamic peer in show command output; for
example, you might want to see the reason for the last reset or how many times the
session flapped.
While a dynamic peer is not in the established state, the show ip bgp neighbor command
displays the number of seconds remaining until the dynamic peer will be removed.
If you have configured the neighbor allow command for multiple peer groups, when an
incoming BGP connection matches the access list of more than one of these peer groups,
the dynamic peer is created only in the first peer group. (BGP orders peer groups
alphabetically by name.)
When the BGP speaker receives an open message from a dynamic peer, the remote AS
number must match one of the following criteria; the connection is closed if it does not:
•
If the peer group has a configured remote AS number, then the received AS number
must be the same as the configured remote AS number.
•
If the peer group does not have a configured AS number, then the received AS number
must be consistent with the peer type of the peer group. Use the neighbor peer-type
command to configure the type of the peer-group.
If a peer group has been configured with a peer type but not a remote AS, then the remote
AS for dynamic peers is not known until an open message has been received from the
peer. Until then, show commands display the remote AS as “ ?” or “ unknown.”
Static peers that you configure with the neighbor remote-as or neighbor peer-group
commands take precedence over the dynamic peers created as a result of the neighbor
allow command. If the remote address of an incoming BGP connection matches both a
static peer and the access list, the static peer is used and no dynamic peer is created. If
you configure a new static peer while a dynamic peer for the same remote address already
exists, BGP automatically removes the dynamic peer.
You can optionally specify the maximum number of dynamic peers that BGP can create
for the peer group. There is no default maximum. In the absence of a specified maximum,
the number of dynamic peers allowed is determined by the available memory and CPU.
Dynamic peers consume about the same resources as static peers.
When the maximum number of dynamic peers has been created for a peer group, BGP
rejects all subsequent connection attempts for that group. This behavior means that you
can specify a maximum to help protect against denial-of-service attacks that attempt
to create many dynamic peers to overwhelm your router resources.
BGP generates a log message whenever a dynamic peer is created, rejected because the
maximum has been reached, or removed. BGP maintains counters for each peer group
for the current number of dynamic peers, the highest number of concurrent dynamic
Copyright © 2010, Juniper Networks, Inc.48
JunosE 11.2.x BGP and MPLS Configuration Guide
To Next Page
Loading...
Need help?
General
