BGP Graceful Shutdown is a feature and technique that we can use to minimize traffic loss when administratively disabling a BGP peering session. Graceful shutdown utilizes a well-known community value that was standardized in RFC 8326. We can use the graceful shutdown feature to lower the local preference within the local autonomous system and signal our intent to shut down to neighboring ASes. The remote AS may have a policy defined to lower their local preference upon receipt of the GRACEFUL_SHUTDOWN community. In this article we will explore graceful shutdown configuration and operation. Because this is community based, BGP community propagation must be enabled.
Demo Network
I built the network shown below in CML to explore BGP graceful shutdown. AS 1 is an edge AS that originates 203.51.100.0/24 and announces it to AS 2 and 3, representing ISPs. The AS1 prefix originates on SW1 and SW2’s VLAN1 interface via a BGP network statement. AS 2 and 3 pass the prefix on to AS4, representing another ISP. AS4 is using high local preference to prefer using ISP2 as transit to reach AS1. DFZ1 originates prefix 11.11.11.0/24.
Graceful Shutdown for iBGP Peers
We’ll start by exploring graceful shutdown operations within AS1. Under normal conditions, SW1 and SW2 prefer to use CE1 as their next hop to reach 11.11.11.0/24 because CE1 has a lower BGP router-id than CE2. Note that both paths below have local preference set to 100.
SW1# show ip bgp 11.11.11.0/24
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 11.11.11.0/24, version 42
Paths: (2 available, best #2)
Flags: (0x8000001a) (high32 00000000) on xmit-list, is in urib, is best urib rou
te, is in HW
Path type: internal, path is valid, not best reason: Router Id, no labeled nex
thop
AS-Path: 3 4 , path sourced external to AS
172.16.255.2 (metric 41) from 172.16.255.2 (172.16.255.2)
Origin IGP, MED 0, localpref 100, weight 0
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop, in rib
AS-Path: 2 4 , path sourced external to AS
172.16.255.1 (metric 41) from 172.16.255.1 (172.16.255.1)
Origin IGP, MED 0, localpref 100, weight 0
Path-id 1 not advertised to any peerSuppose we need to bring CE1 down for maintenance. We can use graceful shutdown on the CE1 to ISP1 peering session to drain traffic before the peer goes down. On CE1 in BGP configuration mode, we can use the command show below to gracefully disable the peering session between CE1 and ISP1. 90 is the number of seconds CE1 will wait before sending a shutdown notification. Local-preference 5 causes CE1 to send iBGP updates for any prefix learned from ISP1 with local preference set to 5. This will poison the path for SW1 and SW2 and cause them to flip over to the path via CE2 before the CE1-ISP1 peering goes hard down.
neighbor 192.0.2.2 shutdown graceful 90 local-preference 5 After issuing the command on CE1, we can check the path on SW1 to see the change. In the output below, we can see that the path via CE1 is no longer the best path with reason “Gshut” and the local preference set to 5. SW1 was able to swap over well before the 90 second timer expired and the CE1-ISP1 peering goes down. The CE1-ISP1 path would still be able to carry traffic until the peering goes hard down.
SW1# show ip bgp 11.11.11.0/24
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 11.11.11.0/24, version 43
Paths: (2 available, best #1)
Flags: (0x8000001a) (high32 00000000) on xmit-list, is in urib, is best urib rou
te, is in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop, in rib
AS-Path: 3 4 , path sourced external to AS
172.16.255.2 (metric 41) from 172.16.255.2 (172.16.255.2)
Origin IGP, MED 0, localpref 100, weight 0
Path type: internal, path is valid, not best reason: Gshut Path, no labeled ne
xthop, gshut path
AS-Path: 2 4 , path sourced external to AS
172.16.255.1 (metric 41) from 172.16.255.1 (172.16.255.1)
Origin IGP, MED 0, localpref 5, weight 0
Community: graceful-shutdown
Path-id 1 not advertised to any peer
SW1# The output below shows the timestamps from when the graceful shutdown command was issued until the peer went down.
CE1(config-router)#neighbor 192.0.2.2 shutdown graceful 90 local-preference 5
CE1(config-router)#
*Mar 14 20:20:36.115: Graceful Shutdown after 90 seconds for neighbor: 192.0.2.2
CE1(config-router)#
*Mar 14 20:22:05.971: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.2 6/2 (Administrative Shutdown) 0 bytes
CE1(config-router)#
*Mar 14 20:22:05.971: %BGP-5-NBR_RESET: Neighbor 192.0.2.2 reset (Admin. shutdown)
*Mar 14 20:22:05.972: %BGP-5-ADJCHANGE: neighbor 192.0.2.2 Down Admin. shutdown
*Mar 14 20:22:05.972: %BGP_SESSION-5-ADJCHANGE: neighbor 192.0.2.2 IPv4 Unicast topology base removed from session Admin. shutdown Graceful Shutdown for eBGP Peers
As mentioned earlier, we can also use GS to signal our intention to bring down the session to eBGP peers. Because local-preference does not traverse AS boundaries, the remote AS needs to have a policy in place for this to work. In the demo network, I have configured ISP1 to act when it receives updates with the gshut community attached.
The route-map below is configured inbound on the peering to CE1. The prefix-list only matches the route originated in AS1. Route-map sequence 10 matches if the graceful shutdown community is attached AND if the prefix is 203.51.100.0/24. If both conditions are met, AS2 sets the local-preference to 1. If the gshut community is not present, no action is taken by sequence 10 and sequence 20 is used instead. Sequence 20 only permits AS1’s route with no attributes set.
ISP1#show ip prefix-list CUST1
ip prefix-list CUST1: 1 entries
seq 5 permit 203.51.100.0/24
ISP1#show ip community-list GRACE
Named Community standard list GRACE
permit gshut
ISP1#show route-map
route-map CUST1, permit, sequence 10
Match clauses:
ip address prefix-lists: CUST1
community (community-list filter): GRACE
Set clauses:
local-preference 1
Policy routing matches: 0 packets, 0 bytes
route-map CUST1, permit, sequence 20
Match clauses:
ip address prefix-lists: CUST1
Set clauses:
Policy routing matches: 0 packets, 0 bytes
ISP1# Recall earlier that I mentioned that DFZ1 is using local preference to prefer ISP2. This means that CE1 and DFZ1 are advertising 203.51.100.0/24 to ISP1.
ISP1#show ip bgp 203.51.100.0/24
BGP routing table entry for 203.51.100.0/24, version 46
Paths: (2 available, best #1, table default)
Advertised to update-groups:
1
Refresh Epoch 1
1
192.0.2.1 from 192.0.2.1 (172.16.255.1)
Origin IGP, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
Updated on Mar 14 2026 20:27:24 UTC
Refresh Epoch 2
4 3 1
192.0.2.6 from 192.0.2.6 (198.51.100.6)
Origin IGP, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
Updated on Mar 14 2026 19:45:22 UTCThis comes full circle when ISP1 receives an update for 203.51.100.0/24 from CE1 with the gshut community attached. ISP1 will set the local preference to 1 for the path through CE1 and be able to quickly switch over to the path through DFZ1. This switchover will occur well before the 90 second timer expires and the BGP peering session goes down.
Just like before, I will issue the command below on CE1 and we can check ISP1 BGP table in less than 90 seconds.
neighbor 192.0.2.2 shutdown graceful 90 local-preference 5It takes approximately 30 seconds for ISP1 to start preferring the path through DFZ1. Below is ISP1’s BGP table after it receives the update for AS1s route with the gshut community. The path though CE1 is no longer the best path. Local preference is 1 as we expected based on the route-map. We can also see the gshut community attached to the prefix.
ISP1#show ip bgp 203.51.100.0/24
BGP routing table entry for 203.51.100.0/24, version 47
Paths: (2 available, best #2, table default)
Advertised to update-groups:
15
Refresh Epoch 1
1
192.0.2.1 from 192.0.2.1 (172.16.255.1)
Origin IGP, localpref 1, valid, external
Community: gshut
rx pathid: 0, tx pathid: 0
Updated on Mar 14 2026 20:38:46 UTC
Refresh Epoch 2
4 3 1
192.0.2.6 from 192.0.2.6 (198.51.100.6)
Origin IGP, localpref 100, valid, external, best
rx pathid: 0, tx pathid: 0x0
Updated on Mar 14 2026 19:45:22 UTCThat is BGP graceful shutdown in a nutshell. This exercise was my first time using gshut and I learned a lot! I hope you did too, thanks for stopping by. Below is a GitHub link to the CML YAML file for this lab.
https://github.com/routingloopnet/CML-BGP-Graceful-Shutdown/blob/main/BGP_Graceful_Restart.yaml