Use of bgp network import-check exact ?

  • 1
  • Question
  • Updated 2 years ago
Hey everyone,

stumbled across this statement 'bgp network import-check exact' in a quagga config looking at a Cumulus example repository (here: https://github.com/CumulusNetworks/cldemo-config-routing/blob/master/bgp-numbered/leaf01/Quagga.conf )

can't seem to find exactly what this does.  Based on some documentation I -think- its purpose is to make sure that Prefixes matched by a BGP network statement are Local to the devices before importing into the BGP RIB?  Suggesting the default behavior would be to to match, say, a static route or even OSPF-learned route from the RIB and bring it into the BGP RIB?

Haven't been using this statement in my lab tests prior to production rollout and so far things seem ok, curious if its considered a best practice or not to leverage this function, or if I'm even understanding its use correctly

Thanks,

Will
Photo of Will McLendon

Will McLendon

  • 440 Points 250 badge 2x thumb

Posted 2 years ago

  • 1
Photo of Sean Cavanaugh

Sean Cavanaugh, Alum

  • 3,380 Points 3k badge 2x thumb
Hey Will,

Based on some documentation I -think- its purpose is to make sure that Prefixes matched by a BGP network statement are Local to the devices before importing into the BGP RIB? 
Yes, the way I worded it on the cheat sheets is "Only honor network statements if routes are already in route table"

2.5.X cheatsheet with BGP config->
https://drive.google.com/file/d/0B7iknf22mGuyVWYwd0ZubGNhQTg/view

curious if its considered a best practice or not to leverage this function

In 3.X.X we actually made this the default because we do highly encourage it.  Check out the newest cheat sheet here with BGP config->

3.X.X cheatsheet with BGP config->
https://drive.google.com/file/d/0B7iknf22mGuyY1lyX2FoVkxIMTQ/view?usp=sharing
Photo of Don Slice

Don Slice, Employee

  • 120 Points 100 badge 2x thumb
As you've suggested, "bgp network import-check exact" causes bgp to only create bgp table entries for network statements if a matching prefix exists in the rib.  Without import-check enabled, it becomes very easy to advertise prefixes in bgp updates that the router cannot actually reach, creating black-holes.

Prior to 3.0, the default behavior was to allow network statements to create bgp table entries without a matching rib entry.  We changed it in 3.0 so that now "bgp network import-check exact" is on by default.