
Dell Networking OS10 BGP Passive Peering - How to form BGP Neighborship when the peer has Port 179 Blocked or Can only Be the Active BGP Peer

Summary: This article explains how to configure a Dell OS10 switch as a passive BGP peer.


Article Content


Instructions

Index

What is Active and Passive BGP peer
Behavior of OS10
Configuring Dell OS10 as Passive Peer
Sample configuration



What is Active and Passive BGP peer


Initially, BGP Peer-1 is in the Idle state. It sends a TCP SYN to the configured Peer-2 with a random source port and destination port 179. Peer-2 responds to the peer with a TCP SYN, ACK with source port 179 and the destination port set to the random port used by Peer-1. Peer-1 responds with a TCP SYN ACK.

After the TCP session is formed, BGP moves to the OPENSENT state.



In the above scenario:
Peer-1 is the Active or connecting side as it is sending the TCP SYN.
Peer-2 is the Passive or listening side as it is listening to TCP Port 179 and responds with an ACK.

When a BGP speaker is configured as active, it may end up on either the active or passive side of the connection that eventually gets established. Once the TCP connection is completed, it does not matter which end was active and which was passive.  The only difference is in which side of the TCP connection has port number 179.

 

Behavior of OS10

  • Initially, if OS10 receives a TCP SYN packet with destination port 179 from a neighbor to form BGP neighborship, it responds with a TCP ACK.
  • If it does not receive any TCP SYN, OS10 tries to actively form BGP neighborship by sending a TCP SYN with destination port 179.
 

Note

  • If the peer cannot accept TCP packets with destination port 179, that is, it can only act as the active or connecting side, then passive peering must be enabled in OS10.
  • If you enable passive peering for the peer template, the system does not send an OPEN message but responds to an OPEN message.
  • BGP passive peering (IPv4/IPv6) does not support a password until 10.5.4.4. Check the release notes or user guide of newer firmware to see whether support has been added later.
  • You can restrict the number of passive sessions the neighbor accepts using the limit command.



Configuring Dell OS10 as Passive Peer

When passive peering is enabled, the switch does not initiate the TCP connection, but it listens on TCP port 179.
 

| Configuration Syntax | Configuration Explanation |
| --- | --- |
| OS10# configure | Configure |
| OS10(config)# router bgp <AS Number> | Configure BGP |
| OS10(conf-router-bgp-AS)# template <template-name> | Configure peer template to apply passive peering |
| OS10(conf-router-template)# listen <IP address/subnet> | Enable peer listening and IP address/subnet (Dynamic Peers*) |
| OS10(conf-router-template)# listen <IP address/subnet> limit <limit> | Optional: Enter maximum passive peers (Dynamic Peers*) count, which can dynamically be learned by peer listening. After the specified limit is reached, the next neighbor in the subnet will be treated as normal BGP peer. |
| OS10(conf-router-template)# exit | Exit out of template |
| OS10(config-router-bgp-AS)# neighbor <IP address> | Configure router neighbor mode |
| OS10(config-router-neighbor)# inherit template <Name> | Assign a peer-template with a peer-group name from which to inherit to the neighbor in ROUTER-NEIGHBOR mode. |
 
*Dynamic Peers = Group of BGP neighbors that are defined by a range of IP addresses. Here we define the range of IP addresses by IP/subnet mask.

 

Sample configuration

Consider a DELLOS10 switch that forms BGP peerings with a Router and a Server. The Router has no restriction.
The Server has an incoming firewall rule that blocks TCP destination port 179.



 

DELLOS10#
DELLOS10# configure terminal
DELLOS10(config)# router bgp 100
DELLOS10(config-router-bgp-100)# template TEST-BGP-PASSIVE
DELLOS10(config-router-template)# listen 10.0.0.2/32
DELLOS10(config-router-template)# exit
DELLOS10(config-router-bgp-100)# neighbor 10.0.0.2
DELLOS10(config-router-neighbor)# inherit template TEST-BGP-PASSIVE

Or

We can also specify an IP range to listen on rather than a specific host, and limit the number of connections. In the sample configuration below, the 10.0.0.0/24 subnet is configured as the listen range with a limit of 5 neighbors. After this limit is reached, the next neighbor in the subnet will be treated as a normal BGP peer.
DELLOS10#
DELLOS10# configure terminal
DELLOS10(config)# router bgp 100
DELLOS10(config-router-bgp-100)# template TEST-BGP-PASSIVE
DELLOS10(config-router-template)# listen 10.0.0.0/24 limit 5
DELLOS10(config-router-template)# exit
DELLOS10(config-router-bgp-100)# neighbor 10.0.0.2
DELLOS10(config-router-neighbor)# inherit template TEST-BGP-PASSIVE
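
To see how a listen range and its limit play out before applying them, the following added example (not Dell code, and not part of the original article) parses the CLI commands shown above and labels connecting source addresses using only the limit rule this article states. The function names and the list of source addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed input: the page's second sample configuration as typed at the CLI.
SESSION = """\
DELLOS10(config)# router bgp 100
DELLOS10(config-router-bgp-100)# template TEST-BGP-PASSIVE
DELLOS10(config-router-template)# listen 10.0.0.0/24 limit 5
DELLOS10(config-router-template)# exit
DELLOS10(config-router-bgp-100)# neighbor 10.0.0.2
DELLOS10(config-router-neighbor)# inherit template TEST-BGP-PASSIVE
"""
LISTEN = re.compile(r"^listen\s+(\S+)(?:\s+limit\s+(\d+))?$")

def parse_templates(session):
    """Return {template name: [(listen network, limit or None)]}."""
    templates, current = {}, None
    for line in session.splitlines():
        cmd = line.split("#", 1)[-1].strip()  # drop the "PROMPT#" prefix
        if cmd.startswith("template "):
            current = cmd.split()[1]
            templates.setdefault(current, [])
        elif cmd == "exit" or cmd.startswith(("neighbor ", "router ")):
            current = None
        elif current and (m := LISTEN.match(cmd)):
            net = ipaddress.ip_network(m.group(1), strict=False)
            templates[current].append((net, int(m.group(2)) if m.group(2) else None))
    return templates

def classify(entries, sources):
    """Label each connecting source address using the limit rule on the page."""
    seen = {net: set() for net, _ in entries}
    labels = []
    for src in sources:
        addr = ipaddress.ip_address(src)
        hit = next(((n, lim) for n, lim in entries if addr in n), None)
        if hit is None:
            labels.append("outside listen range")
        elif addr not in seen[hit[0]] and hit[1] is not None and len(seen[hit[0]]) >= hit[1]:
            labels.append("normal peer (limit reached)")
        else:
            seen[hit[0]].add(addr)  # counts once per distinct address
            labels.append("passive dynamic peer")
    return labels

def review_notes(templates):
    """List listen ranges wider than one host, with their limit, for review."""
    return [f"{name}: {net} spans {net.num_addresses} addresses, limit {lim}"
            for name, entries in templates.items()
            for net, lim in entries if net.num_addresses > 1]
```

A /32 listen entry, as in the first sample configuration, produces no review note; a wider range such as the /24 does, which is the place to confirm that every address in the range is one you intend to accept a BGP session from.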

Article Properties


Affected Product
PowerSwitch S4048-ON, PowerSwitch S4810P, PowerSwitch S4810-ON, PowerSwitch S4820T, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON , PowerSwitch S4248FB-ON /S4248FBL-ON, PowerSwitch S5048F-ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9100-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerScale Switch S4112F, PowerScale Switch S4148F, PowerScale Switch Z9100, SmartFabric OS10 Software ...
Last Published Date

27 Feb 2023

Version

2

Article Type

How To