SR OS routers can send and receive VPN-IPv4 routes with IPv4 next-hops. They can also be configured (using the extended-nh-encoding command) to receive VPN-IPv4 routes with IPv6 next-hop addresses from selected BGP peers by signaling the corresponding Extended NH Encoding BGP capability to those peers during session setup. If the capability is not advertised to a peer, such routes are not accepted from that peer. Also, if the SR OS router does not receive an Extended NH Encoding capability advertisement for [NLRI AFI=1, NLRI SAFI=128, next-hop AFI=2] from a peer, it does not advertise VPN-IPv4 routes with IPv6 next-hops to that peer.
When a VPN-IPv4 BGP route is advertised to an EBGP peer, the next-hop-self command applies if the enable-inter-as-vpn command is configured or if the enable-subconfed-vpn-forwarding and the next-hop-self commands are configured toward the EBGP peer; otherwise there is no change to the next-hop. The next-hop-self command results in one of the following outcomes.
If the EBGP session uses IPv4 transport, the BGP next-hop is taken from the value of the local address used to set up the session.
If the EBGP peer has opened an IPv6-transport session by advertising an extended NH encoding capability with (NLRI AFI=1, NLRI SAFI=128, next-hop AFI=2) and, in the configuration of the local router, the session is associated with an advertise-ipv6-next-hops vpn-ipv4 command, then the BGP next-hop is set to the value of the IPv6 local address used to set up the session. Otherwise, the BGP next-hop is set to the IPv4 address of the system interface.
If the enable-inter-as-vpn command is configured, the next-hop-self command applies automatically if a VPN-IPv4 BGP route is received from an EBGP peer and readvertised to an IBGP or confederation-EBGP peer. If the enable-inter-as-vpn command is not configured but the enable-subconfed-vpn-forwarding command is configured, the next-hop-self command can be set manually toward any IBGP or confederation-EBGP peer with the same label-swap forwarding behavior as provided by the enable-inter-as-vpn command. In either case, the next-hop-self command results in one of the following outcomes.
If the IBGP or confederation-EBGP session uses IPv4 transport, then the BGP next-hop is taken from the value of the local address used to set up the session.
If the IBGP or confederation-EBGP peer has opened an IPv6-transport session by advertising an extended NH encoding capability with (NLRI AFI=1, NLRI SAFI=128, next-hop AFI=2) and, in the configuration of the local router, the session is associated with an advertise-ipv6-next-hops vpn-ipv4 command, then the BGP next-hop is set to the value of the IPv6 local address used to set up the session. Otherwise, the BGP next-hop is set to the IPv4 address of the system interface.
When a VPN-IPv4 BGP route is reflected from one IBGP peer to another IBGP peer, the RR does not modify the next-hop by default. However, if the next-hop-self command is applied to the IBGP peer receiving the route and the enable-rr-vpn-forwarding command is configured, a next-hop-self and label swap behavior can be provided. Alternatively, the same behavior can be achieved by configuring the enable-subconfed-vpn-forwarding command and setting the next-hop-self command toward the targeted IBGP peer. In either case, next-hop-self results in one of the following outcomes.
If the IBGP session receiving the reflected route uses IPv4 transport, the BGP next-hop is taken from the value of the local address used to set up the session.
If the IBGP session receiving the reflected route has opened an IPv6-transport session by advertising an extended NH encoding capability with (NLRI AFI=1, NLRI SAFI=128, next-hop AFI=2) and, in the configuration of the local router, the session is associated with an advertise-ipv6-next-hops vpn-ipv4 command, then the BGP next-hop is set to the value of the IPv6 local address used to set up the session. Otherwise, the BGP next-hop is set to the IPv4 address of the system interface.
When a VPN-IPv4 BGP route is reflected from one IBGP peer to another IBGP peer and enable-rr-vpn-forwarding command is configured and the VPN-IPv4 route is matched and accepted by an export policy entry with a next-hop <ip-address> action, this changes the BGP next-hop of the matched routes to <ip-address>, except if <ip-address> is an IPv6 address and the receiving IBGP peer did not advertise an extended NH encoding capability with (NLRI AFI=1, NLRI SAFI=128, next-hop AFI=2) or, in the configuration of the local router, the session is not associated with an advertise-ipv6-next-hops vpn-ipv4 command. In this case, the route is treated as though it was rejected by the policy entry.