Disable the Border Gateway Protocol neighbors

  • Article

This article provides examples demonstrating how a user can implement the read write (RW) commands to disable Border Gateway Protocol (BGP) neighbors.

Shut down a specific peer at Virtual Routing and Forwarding (VRF) level

The following shows a snapshot of the Network Fabric Device before making changes to the configuration using RW API:

sh ip bgp  summary vrf gfab1-isd

BGP summary information for VRF gfab1-isd
Router identifier 10.XXX.14.34, local AS number 650XX
Neighbor Status Codes: m - Under maintenance
  Neighbor            V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  10.XXX.13.15        4 650XX         129458    168981    0    0 00:06:50 Estab   189    189
  **10.XXX.30.18        4 650XX          42220     42522    0    0 00:00:44 Estab   154    154**
  10.XXX.157.8        4 645XX          69211     74503    0    0   21d20h Estab   4      4
  fda0:XXXX:XXXX:d::f 4 650XX         132192    171982    0    0   28d18h Estab   0      0

Execute the following command to disable the BGP neighbor:

az networkfabric device run-rw --resource-name <ResourceName> --resource-group <ResourceGroupName> --rw-command "router bgp 65055\n vrf gfab1-isd\n neighbor 10.100.30.18 shutdown"

Expected output:

{}

sh ip bgp summary vrf gfab1-isd

BGP summary information for VRF gfab1-isd
Router identifier 10.XXX.14.34, local AS number 650XX
Neighbor Status Codes: m - Under maintenance
  Neighbor            V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  10.XXX.13.15        4 650XX         129456    168975    0    0 00:04:31 Estab   189    189
  **10.XXX.30.18        4 650XX          42210     42505    0    0 00:01:50 Idle(Admin)**
  10.XXX.157.8        4 645XX          69206     74494    0    0   21d20h Estab   4      4
  fda0:d59c:df06:d::f 4 65055         132189    171976    0    0   28d18h Estab   0      0

Apr  XX XXX:54 AR Bgp: %BGP-3-NOTIFICATION: sent to neighbor 10.XXX.30.18 (VRF gfab1-isd AS 650XX) 6/2 (Cease/administrative shutdown <Hard Reset>) reason:
Apr  XX XXX:54 AR Bgp: %BGP-3-NOTIFICATION: sent to neighbor 10.XXX.30.18 (VRF gfab1-isd AS 650XX) 6/5 (Cease/connection rejected) 0 bytes

Command with --no-wait --debug

az networkfabric device run-rw --resource-name <ResourceName> --resource-group <ResourceGroupName> --rw-command "router bgp 65055\n vrf gfab1-isd\n neighbor 10.100.30.18 shutdown" --no-wait –debug
Parameter Description
az networkfabric device run-rw Azure CLI command for executing a read-write operation on a network device within Azure Network Fabric.
--resource-name Specifies the name of the resource (network device) on which the RW operation will be performed.
--resource-group Specifies the name of the resource group that contains the network device.
--rw-command "router bgp 65055\n vrf gfab1-isd\n neighbor 10.100.30.18 shutdown" Specifies the RW commands to be executed on the network device. These commands configure BGP settings and shut down a specific neighbor.
--no-wait Indicates that the command should be executed asynchronously without waiting for the operation to complete.
--debug Flag enabling debug mode, providing additional information about the execution of the command for troubleshooting purposes.

Expected output:

cli.knack.cli: Command arguments: \['networkfabric', 'device', 'run-rw', '--resource-name', <ResourceName>, '--resource-group', <ResourceGroupName>, '--rw-command', 'router bgp 65055\\\\n vrf gfab1-isd\\\\n neighbor 10.100.30.18 shutdown', '--debug'\]
cli.knack.cli: \_\_init\_\_ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute \[\]
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate \[<function CLILogging.on\_global\_arguments at 0x01F1A610>;, <function OutputProducer.on\_global\_arguments at 0x0211B850>, <function CLIQuery.on\_global\_arguments at 0x021314A8>\]
cli.azure.cli.core.sdk.policies: 'Azure-AsyncOperation': 'https://eastus.management.azure.com/subscriptionsXXXXXXXXXXXXXXXXXX/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/e239299a-8c71-426e-8460-58d4c0b470e2\*850DA565ABE0036AB?api-version=2022-01-15-privatepreview&t=638479088323069839&c=

You can programmatically check the status of the operation by running the following command:

az rest -m get -u "<Azure-AsyncOperation-endpoint url>"

Example of the Azure-AsyncOperation endpoint URL extracted from the truncated output.

<https://eastus.management.azure.com/subscriptions/xxxxxxxxxxx/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/xxxxxxxxxxx?api-version=20XX-0X-xx-xx>

The status indicates whether the API succeeded or failed.

Expected output:

https://eastus.management.azure.com/subscriptions/XXXXXXXX/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/e239299a-8c71-426e-8460-58d4c0b470e2AB?api-version=2022-01-15-privatepreview

{

"endTime": "2024-XX-XXT10:14:13.2334379Z",
"id": "/subscriptions/XXXXXXXXXXXXXX/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/e239299a-8c71-426e-DA565ABE0036AB",
"name": "e239299a-8c71-426e-8460-58d4c0b470e2\*E98FEC8C2D6479A6C0A450CE6E20DA4C9DDBF225A07F7F4850DA565ABE0036AB",
"properties": null,
"resourceId": "/subscriptions/XXXXXXXXXXXX/resourceGroups/ResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/ResourceName",
"startTime": "2024-XX-XXT10:13:52.0438351Z",
"status": "Succeeded"
}

Shut down the peer group at VRF level

This example shows how the RW configuration is shuts down the peer group at a VRF level.

sh ip bgp  summary vrf gfab1-isd

BGP summary information for VRF gfab1-isd
Router identifier 10.XXX.14.34, local AS number 650XX
Neighbor Status Codes: m - Under maintenance
  Neighbor            V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  10.XXX.13.15        4 650XX         129458    168981    0    0 00:06:50 Estab   189    189
  10.XXX.30.18        4 650XX          42220     42522    0    0 00:00:44 Estab   154    154
**  10.XXX.157.8        4 645XX          69211     74503    0    0   21d20h Estab   4      4**
  fda0:XXXX:XXXX:d::f 4 650XX         132192    171982    0    0   28d18h Estab   0      0

az networkfabric device run-rw --resource-name <ResourceName>; --resource-group <ResourceGroupName> --rw-command "router bgp 65055\\n neighbor untrustnetwork shutdown"
Parameter Description
az networkfabric device run-rw Azure CLI command for executing a read-write operation on a network device within Azure Network Fabric.
--resource-name Specifies the name of the resource (network device) on which the RW operation is performed.
--resource-group Specifies the name of the resource group that contains the network device.
--rw-command "router bgp 65055\n neighbor untrustnetwork shutdown" Specifies the RW commands to be executed on the network device. These commands configure BGP settings to shut down the neighbor named "untrustnetwork".

Expected output:

{}

sh ip bgp  summary vrf gfab1-isd

BGP summary information for VRF gfab1-isd
Router identifier 10.XXX.14.34,
Neighbor            V AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  10.XXX.13.15        4 65055         129462    168986    0    0 00:10:10 Estab   189    189
  10.XXX.30.18        4 65055          42224     42527    0    0 00:04:04 Estab   154    154
  fda0:XXX:XXXX:d::f 4 65055       132196    171987    0    0   28d18h Estab   0      0

AR-CE1)#Apr  X XX-XX:09 AR-CE1 Bgp: %BGP-3-NOTIFICATION: sent to neighbor **10.XXX.157.8** (VRF gfab1-isd AS 64512) 6/2 (Cease/administrative shutdown <Hard Reset>) reason: 

Apr  8 13:24:11 AR-CE1 Bgp: %BGP-3-NOTIFICATION: sent to neighbor **10.XXX.157.8** (VRF gfab1-isd AS 64512) 6/5 (Cease/connection rejected) 0 bytes

Command with --no-wait --debug

az networkfabric device run-rw --resource-name <ResourceName> --resource-group <ResourceGroupName> --rw-command "router bgp 65055\n neighbor untrustnetwork shutdown" --no-wait --debug
Parameter Description
az networkfabric device run-rw Azure CLI command for executing a read-write operation on a network device within Azure Network Fabric.
--resource-name Specifies the name of the resource (network device) on which the RW operation is performed.
--resource-group Specifies the name of the resource group that contains the network device.
--rw-command "router bgp 65055\n neighbor untrustnetwork shutdown" Specifies the RW commands to be executed on the network device. These commands configure BGP settings to shut down the neighbor named "untrustnetwork".
--no-wait Indicates that the command should be executed asynchronously without waiting for the operation to complete.
--debug Flag enabling debug mode, providing additional information about the execution of the command for troubleshooting purposes.

Expected truncated output:

cli.knack.cli: Command arguments: ['networkfabric', 'device', 'run-rw', '--resource-name', <ResourceName>, '--resource-group', <ResourceGroup>, '--rw-command', 'router bgp 65055\\n neighbor untrustnetwork shutdown', '--debug'] 
cli.knack.cli: __init__ debug log: 
Enable color in terminal. 
cli.knack.cli: Event: Cli.PreExecute [] 
cli.azure.cli.core.sdk.policies:     'Expires': '-1' 
cli.azure.cli.core.sdk.policies:     'Location': 'https://eastus2euap.management.azure.com/subscriptions/XXXXXXXXXX/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/4659700f-0280-491d-b478-491c6a88628c*F348648BDC06F42B2EDBC6E58?api-version=2022-01-15-privatepreview&t=638481804853087320 
telemetry.process: Return from creating process 
telemetry.main: Finish creating telemetry upload process.

You can programmatically check the status of the operation by running the following command:

az rest -m get -u "<Azure-AsyncOperation-endpoint url>"

Example of the Azure-AsyncOperation endpoint URL extracted from the truncated output.

<https://eastus.management.azure.com/subscriptions/xxxxxxxxxxx/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/xxxxxxxxxxx?api-version=20XX-0X-xx-xx>

The status indicates whether the API succeeded or failed.

Expected output:

https://eastus.management.azure.com/subscriptions/XXXXXXXX/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/e239299a-8c71-426e-8460-58d4c0b470e2AB?api-version=2022-01-15-privatepreview

{

"endTime": "2024-XX-XXT10:14:13.2334379Z",
"id": "/subscriptions/XXXXXXXXXXXXXX/providers/Microsoft.ManagedNetworkFabric/locations/EASTUS/operationStatuses/e239299a-8c71-426e-DA565ABE0036AB",
"name": "e239299a-8c71-426e-8460-58d4c0b470e2\*E98FEC8C2D6479A6C0A450CE6E20DA4C9DDBF225A07F7F4850DA565ABE0036AB",
"properties": null,
"resourceId": "/subscriptions/XXXXXXXXXXXX/resourceGroups/ResourceGroup/providers/Microsoft.ManagedNetworkFabric/networkDevices/ResourceName",
"startTime": "2024-XX-XXT10:13:52.0438351Z",
"status": "Succeeded"
}

Incorrect configuration operation

If you try to implement a configuration command on the device and the configuration is incorrect, the configuration isn't enforced on the device. The prompt yields a typical error response, indicating a gNMI SET failure. To rectify this error, reapply the correct configuration. There's no change to the state of the device.

az networkfabric device run-rw --resource-name <ResourceName> --resource-group <ResourceGroupName> --rw-command "router bgp 4444\n vrf gfab1-isd\n niehgbor 10.100.30.18 shudown"
Parameter Description
az networkfabric device run-rw Azure CLI command for executing a read-write operation on a network device within Azure Network Fabric.
--resource-name Specifies the name of the resource (network device) on which the RW operation is performed.
--resource-group Specifies the name of the resource group that contains the network device.
--rw-command "router bgp 4444\n vrf gfab1-isd\n niehgbor 10.100.30.18 shudown" Specifies the RW commands to be executed on the network device. These commands configure BGP settings to shut down the neighbor with IP address 10.100.30.18 within the VRF named "gfab1-isd".

Expected output:

Error: Message: \[GNMI SET failed. Error: GNMI SET failed: rpc error: code = config failed to apply.

Related content