BGP-4
netverdict models BGP as a deterministic control-plane protocol for labs, change analysis, and policy reasoning. It is not a router image, but it does track the behaviours that usually matter in training and review scenarios: sessions, route advertisement, best-path selection, AS_PATH, LOCAL_PREF, MED, communities, route-maps, route reflection, confederations, and VPNv4.
Support level
Section titled “Support level”| Area | Level | What this means |
|---|---|---|
| IPv4 unicast BGP | Supported | eBGP / iBGP sessions, network statements, UPDATE propagation, Loc-RIB, Adj-RIB-style views. |
| Best-path selection | Supported | Deterministic subset of RFC 4271 path selection. |
| Policy | Supported | Prefix-lists, AS-path ACLs, community-lists, route-maps, inbound and outbound application. |
| Path attributes | Supported | AS_PATH, NEXT_HOP, ORIGIN, LOCAL_PREF, MED, communities. |
| Communities | Supported | Standard communities, exact community-list matching, expanded community-list regex matching. |
| Route reflection | Supported | route-reflector-client for iBGP reflection labs. |
| Peer-groups | Supported | Cisco-style and VyOS-style template inheritance. |
| Confederations | Supported | RFC 5065-style AS confederation identifier, peers, and AS_PATH handling. |
| Graceful restart | Supported | RFC 4724-style stale-route window is modelled. |
| Maximum-prefix | Supported | Prefix-limit teardown with notification-style behaviour. |
| MP-BGP VPNv4 | Supported | VPNv4 AF for L3VPN scenarios with RD / RT / VRF import-export behaviour. |
| Timers | Partial | Keepalive / hold / connect retry are deterministic simulation timers. Update damping knobs are modelled where listed below. |
| Packet fidelity | Partial | BGP packets are represented for traces / PCAP inspection, but the simulator is not a byte-for-byte vendor TCP stack. |
Standards coverage
Section titled “Standards coverage”| Standard | Coverage | Notes |
|---|---|---|
| RFC 4271, BGP-4 | Behaviour model | OPEN / UPDATE-style session behaviour, route exchange, AS_PATH loop prevention, and best-path selection subset. |
| RFC 4271 section 5.1.2 | Supported | AS_PATH is tracked and used for loop prevention and path length comparison. |
| RFC 4271 section 5.1.3 | Supported | NEXT_HOP is tracked and used for recursive reachability decisions. |
| RFC 4271 section 5.1.4 | Supported | MED is modelled and compared between routes from the same neighbouring AS. |
| RFC 4271 section 5.1.5 | Supported | LOCAL_PREF defaults to 100 and can be changed by route-map or default local-preference. |
| RFC 4271 section 9.1.2.2 | Behaviour model | Best-path order is deterministic and documented below. |
| RFC 2385, TCP MD5 | Behaviour model | neighbor ... password must match on both sides for a session to establish. Real TCP MD5 bytes are not computed. |
| RFC 1997, Communities | Supported | Standard communities are attached, matched, and propagated in policy scenarios. |
| RFC 4364, BGP/MPLS IP VPNs | Behaviour model | VPNv4 routes, route distinguishers, route-target import/export, and VRF route projection are modelled. |
| RFC 4456, Route Reflection | Supported | Route-reflector clients can receive reflected iBGP routes. |
| RFC 4724, Graceful Restart | Supported | Restart-time and stale-path timers are modelled. |
| RFC 5065, Confederations | Supported | Confederation identifier, peer sub-AS list, and confed AS_PATH treatment are modelled. |
| RFC 4486, BGP Cease Subcodes | Behaviour model | Maximum-prefix teardown uses the maximum-prefix cease behaviour at the model level. |
Best-path order
Section titled “Best-path order”netverdict compares BGP candidates in this order:
| Step | Rule |
|---|---|
| 1 | Higher LOCAL_PREF wins. |
| 2 | Locally originated routes win over received routes. |
| 3 | Shorter AS_PATH wins. Confederation segments do not count toward length. |
| 4 | Lower ORIGIN wins: igp, then egp, then incomplete. |
| 5 | Lower MED wins when both routes came from the same neighbouring AS. |
| 6 | eBGP-learned routes beat iBGP-learned routes. |
| 7 | Lower IGP cost to NEXT_HOP wins when the engine has a resolver. |
| 8 | Older route wins. |
| 9 | Lower advertising router / neighbour address wins as stable final tie-break. |
This is intentionally deterministic. Replaying the same topology with the same commands should produce the same best path.
Feature matrix
Section titled “Feature matrix”| Feature | Status | Notes |
|---|---|---|
router bgp <asn> | Supported | One BGP process per device. |
bgp router-id <ip> | Supported | Explicit router ID; otherwise derived by runtime. |
| IPv4 unicast AF | Supported | Default working AF for classic BGP labs. |
address-family ipv4 | Supported | Includes VRF sub-mode for per-VRF neighbours. |
address-family vpnv4 | Supported | Used by L3VPN / MP-BGP scenarios. |
network <prefix> mask <mask> | Supported | Locally originates IPv4 unicast or AF-specific routes. |
| eBGP neighbours | Supported | Remote-AS mismatch prevents establishment. |
| iBGP neighbours | Supported | Same-AS neighbours participate in iBGP behaviour. |
neighbor ... activate | Supported | Top-level and AF-level activation. |
neighbor ... update-source | Supported | Source-interface setting for loopback-style sessions. |
neighbor ... next-hop-self | Supported | Rewrites NEXT_HOP for outbound advertisements. |
neighbor ... route-reflector-client | Supported | Enables route reflection for iBGP client scenarios. |
neighbor ... peer-group | Supported | Peer-group templates and binding. |
neighbor ... description | Supported | Stored and emitted for operator-visible config fidelity. |
neighbor ... shutdown | Supported | Forces the session down. |
neighbor ... ebgp-multihop | Supported | Stores and applies multihop eBGP reachability intent. |
neighbor ... password | Behaviour model | Matching password required on both sides; no real TCP-MD5 segment hashing. |
neighbor ... fall-over bfd | Supported | BFD-down forces BGP idle. |
neighbor ... maximum-prefix | Supported | Tears down the session when accepted prefixes exceed the configured limit. |
neighbor ... soft-reconfiguration inbound | Supported | Stores inbound pre-policy routes for received-route inspection. |
neighbor ... advertisement-interval | Supported | Coalesces UPDATE bursts to the peer. |
neighbor ... as-origination-interval | Supported | Coalesces locally-originated UPDATEs. |
neighbor ... send-community | Accepted | Communities are sent when present; the command is accepted for config fidelity. |
| Prefix-list policy | Supported | neighbor ... prefix-list NAME in / out. |
| Route-map policy | Supported | neighbor ... route-map NAME in / out. |
| AS-path access-list | Supported | Regex-like AS_PATH matching in route-maps. |
| Standard community-list | Supported | Exact community matching. |
| Expanded community-list | Supported | JavaScript-regex match against printed <asn>:<n> form. |
set local-preference | Supported | Route-map action. |
set as-path prepend | Supported | Route-map action. |
set metric | Supported | MED route-map action. |
set community | Supported | Supports replacement, additive, and none. |
set ip next-hop | Supported | Route-map action. |
set origin | Supported | Route-map action. |
bgp default local-preference | Supported | Default LOCAL_PREF for local originated routes. |
bgp graceful-restart | Supported | Restart and stale-path timers are modelled. |
bgp confederation identifier | Supported | Public confederation AS. |
bgp confederation peers | Supported | Member sub-AS list. |
aggregate-address | Stored | Accepted and emitted. Current FIB programming does not yet originate the aggregate route. |
| Unnumbered BGP | Config model | Stored for FRR / VyOS-style import, but IPv4 runtime sessions need numbered peers today. |
| Add-path | Not modelled | Only the selected best path is installed / advertised for normal IPv4 unicast. |
| Route flap damping | Not modelled | Advertisement interval is supported; full damping penalty logic is not. |
| RPKI / origin validation | Not modelled | Planned as a later policy/compliance feature. |
Vendor command matrix
Section titled “Vendor command matrix”| Command | IOS-style | Junos-style | VyOS-style | Notes |
|---|---|---|---|---|
router bgp 65001 | Supported | n/a | n/a | Cisco-family process mode. |
bgp router-id 1.1.1.1 | Supported | Supported | Supported | Maps to canonical router ID. |
neighbor 10.0.0.2 remote-as 65002 | Supported | Supported | Supported | Core numbered neighbour form. |
neighbor 10.0.0.2 update-source Loopback0 | Supported | Supported | Supported | Source-interface intent. |
neighbor 10.0.0.2 next-hop-self | Supported | Supported | Supported | Also available in AF form on some vendors. |
neighbor 10.0.0.2 route-reflector-client | Supported | Supported | Supported | Used for iBGP reflection scenarios. |
neighbor 10.0.0.2 description TEXT | Supported | Supported | Supported | Stored / emitted as metadata. |
neighbor 10.0.0.2 shutdown | Supported | Supported | Supported | Administrative down. |
neighbor 10.0.0.2 ebgp-multihop 4 | Supported | Supported | Supported | Multihop eBGP intent. |
neighbor 10.0.0.2 password SECRET | Supported | Partial | Supported | Behaviour model for TCP-MD5-style password match. |
neighbor 10.0.0.2 fall-over bfd | Supported | Not yet | Partial | BFD integration exists in canonical model. |
neighbor 10.0.0.2 maximum-prefix 100 | Supported | Not yet | Partial | Prefix-limit session teardown. |
neighbor 10.0.0.2 route-map RM in | Supported | Partial | Supported | Policy maps to canonical route-map references. |
neighbor 10.0.0.2 prefix-list PL out | Supported | Partial | Supported | Prefix-list policy. |
neighbor PEERS peer-group | Supported | n/a | Supported | Template / inheritance model. |
neighbor 10.0.0.2 peer-group PEERS | Supported | n/a | Supported | Binding to template. |
address-family ipv4 | Supported | n/a | Supported | Cisco / VyOS syntax differs but maps to IPv4 unicast AF. |
address-family ipv4 vrf BLUE | Supported | Partial | Partial | Per-VRF IPv4 BGP for L3VPN edge cases. |
address-family vpnv4 | Supported | Partial | Partial | MP-BGP VPNv4 scenarios. |
network 192.0.2.0 mask 255.255.255.0 | Supported | Supported | Supported | Locally originated route. |
bgp default local-preference 200 | Supported | Supported | Partial | Default local-pref for local originated routes. |
bgp graceful-restart | Supported | Supported | Supported | Restart / stale-path timers where syntax is implemented. |
bgp confederation identifier 65000 | Supported | Partial | Supported | RFC 5065 model. |
bgp confederation peers 65001 65002 | Supported | Partial | Supported | Member sub-AS list. |
aggregate-address 10.0.0.0 255.0.0.0 | Stored | Not yet | Not yet | Accepted / emitted; aggregate route origination not yet active. |
show ip bgp | Supported | Vendor-shaped view | Vendor-shaped view | Loc-RIB / best-path table. |
show ip bgp summary | Supported | Vendor-shaped view | Vendor-shaped view | Neighbour session state. |
show ip bgp neighbors | Supported | Vendor-shaped view | Vendor-shaped view | Neighbour details. |
show ip bgp neighbors <ip> received-routes | Supported | Partial | Partial | Requires inbound storage / modelled RIB-In. |
show ip bgp neighbors <ip> advertised-routes | Supported | Partial | Partial | Post-policy RIB-Out view. |
show ip bgp peer-group | Supported | n/a | Partial | Shows peer-group templates and bindings. |
show ip bgp confederation | Supported | n/a | Partial | Shows confederation state. |
Behaviour notes
Section titled “Behaviour notes”BGP timers are simulated in the event queue. The engine does not sleep for real keepalive or hold timers; it schedules deterministic events so tests, labs, and shared URLs replay consistently.
Policy is applied in the same direction users expect: inbound policy affects
what enters the local BGP table, and outbound policy affects what the peer sees.
received-routes and advertised-routes are useful because they let you
inspect both sides of that boundary.
Route-map matching is deliberately concrete. Prefix-lists match prefixes,
AS-path ACLs match the printed AS_PATH representation, standard
community-lists match exact community values, and expanded community-lists use
JavaScript regular expressions against the printed asn:value form. Cisco’s
special _ AS-path/community regex boundary syntax is not emulated.
Graceful restart keeps stale paths available during the configured restart window. That makes it useful for protocol-behaviour labs, but it is still a model, not a reproduction of every vendor’s restart helper edge case.
VPNv4 is designed around practical L3VPN reachability: VRF route distinguishers make otherwise-overlapping prefixes unique, route targets control import/export, and MP-BGP carries the VPN route between PEs.
Examples
Section titled “Examples”Basic eBGP
configure terminalrouter bgp 65001 bgp router-id 1.1.1.1 neighbor 10.0.12.2 remote-as 65002 address-family ipv4 network 192.168.1.0 mask 255.255.255.0 neighbor 10.0.12.2 activateendshow ip bgp summaryshow ip bgpVendor styles
IOS-style
router bgp 65001 bgp router-id 1.1.1.1 neighbor 10.0.12.2 remote-as 65002 address-family ipv4 network 192.0.2.0 mask 255.255.255.0 neighbor 10.0.12.2 activate neighbor 10.0.12.2 route-map CUSTOMER-IN inJunos-style
set routing-options router-id 1.1.1.1set routing-options autonomous-system 65001set protocols bgp group EBGP type externalset protocols bgp group EBGP peer-as 65002set protocols bgp group EBGP neighbor 10.0.12.2 import CUSTOMER-INset policy-options policy-statement CUSTOMER-IN then local-preference 200VyOS-style
set protocols bgp system-as 65001set protocols bgp parameters router-id 1.1.1.1set protocols bgp neighbor 10.0.12.2 remote-as 65002set protocols bgp address-family ipv4-unicast network 192.0.2.0/24set protocols bgp neighbor 10.0.12.2 address-family ipv4-unicast route-map import CUSTOMER-INSet LOCAL_PREF inbound
configure terminalroute-map PREFER-R2 permit 10 set local-preference 200router bgp 65001 neighbor 10.0.12.2 route-map PREFER-R2 inendshow ip bgpPrepend AS_PATH outbound
configure terminalroute-map PREPEND-OUT permit 10 set as-path prepend 65001 65001 65001router bgp 65001 neighbor 10.0.12.2 route-map PREPEND-OUT outendshow ip bgp neighbors 10.0.12.2 advertised-routesTag and match a community
configure terminalip community-list standard CUSTOMER-A permit 65001:100route-map TAG-OUT permit 10 set community 65001:100 additiveroute-map ACCEPT-CUSTOMER-A permit 10 match community CUSTOMER-Arouter bgp 65001 neighbor 10.0.12.2 route-map TAG-OUT outendConfigure a route reflector client
configure terminalrouter bgp 65000 neighbor 10.0.1.2 remote-as 65000 neighbor 10.0.1.2 route-reflector-client neighbor 10.0.2.2 remote-as 65000 neighbor 10.0.2.2 route-reflector-clientendshow ip bgp summaryEnable graceful restart
configure terminalrouter bgp 65000 bgp graceful-restart bgp graceful-restart restart-time 240 bgp graceful-restart stalepath-time 600endshow ip bgp summaryRunnable labs
Section titled “Runnable labs”| Lab | Covers | Link |
|---|---|---|
| BGP local preference | Inbound policy and best-path preference | Open lab |
| BGP AS-path prepend | Outbound route-map policy and AS_PATH length | Open lab |
| BGP community tag and filter | Standard communities and community-list policy | Open lab |
| BGP MED | MED as same-neighbour-AS tiebreak | Open lab |
| BGP expanded community-list | Regex matching against printed community values | Open lab |
Known limits
Section titled “Known limits”netverdict does not aim to reproduce every vendor BGP daemon edge case.
The current model does not implement add-path, full route flap damping, RPKI/origin validation, every vendor-specific default, or every AFI/SAFI a production router can carry. Aggregate-address is accepted and emitted, but aggregate route origination is not yet active in the FIB programmer.
Use this page as a support contract for the simulator’s BGP behaviour: precise where it says supported, explicit where it is partial, and quiet about things that are not modelled yet.