How to Administratively Disable a BGP Peer on NSX is an article that aims to show how to disable a BGP peer administratively.
Disabling a BGP peer to stop the neighborhood between them can be helpful or necessary in some situations. For instance, the Tier-0 gateway has two BGP neighbors in the following topology. We will show how to disable one using the NSX UI:
Checking the BGP Peers’ Status Through the NSX UI
To check the BGP peer status, we must go to the Tier-0 gateway’s view.
Access the NSX UI –> Networking –> Connectivity –> Tier 0 Gateways and expand the Tier-0 you want to check these details.
In our example, the Tier-0 gateway name is “VCF-T0”. Its status is “Success,” the BGP is enabled, and it has two configured BGP neighbors:
Clicking on the number under “BGP Neighbors” shows details about the BGP neighbors, such as the neighborhood’s status. Our lab has two BGP neighbors (IPs 10.0.22.1 and 10.20.23).1) and their status is “Success,” as we can see in the following picture:
Expanding the first one and clicking on “BGP CONNECTIVITY STATUS,” we can see the connection status with this BGP peer:
Our Tier-0 gateway has two NSX Edge Nodes, each with its BGP peer.
The first NSX Edge is “edge-01,” and its connection status is “Established.” It means in the BGP world that they have a connection established, and they have been changing routing information usually:
The same status for our “edge-02”:
Checking the BGP Peers’ Status Through the NSX CLI
To check the BGP peer status from the command line, we need to access the NSX Edge Node by SSH and identify the VRF logical router instance number on which our Tier-0 gateway is running:
get logical-router
The previous command shows all logical routers present in the NSX Edge Node. In our example, the VRF 3 is used for our Tier-0 gateway (in our scenario, this number can be different).
The next step is to access the VRF 3 and check the BGP peers’ status:
vrf 3
get bgp neighbor summary
The column “State” shows the BGP peer status. “Estab” means “Established”.
We can do the same steps on the second NSX Edge Node “edge-02”.
Each NSX Edge Node has two BGP Peers!Disabling a BGP Peer Administratively
First, we need to enable the “Toggle Visibility” to allow the admin user to switch between the two UI modes available on the NSX UI: Policy Mode and Manage Mode. Change this option as we can see in the following picture (after changing it, do a logoff and login into the NSX UI to apply this new configuration):
After that, go to the Networking menu and change to the Manager mode by clicking on the “MANAGER” button:
Click on the Tier-0 gateway and do to the BGP section under the Routing option:
Select the BGP peer and click on Edit.
Note that the Admin status is enabled for both BGP Peers:
Under Admin status, toggle the button to disabled:
And now, here we go 🙂
Our BGP peer has been disabled administratively 🙂
The BGP peer connection status will be “Idle”, as we can see in the following picture:
If you need to enable it again, edit the BGP peer and toggle the button to enable it!