RoutingJuly 2026 · 7 min read

BGP Route Reflectors: When and Why to Use Them

iBGP has a scaling problem baked into its rules. Route reflectors are the standard cure — but they change how best paths propagate, and a careless design can hide routes you needed. Here's how to reason about them.

The problem: iBGP full mesh

BGP's loop-prevention rule for iBGP is blunt: a route learned from one iBGP peer must not be advertised to another iBGP peer. There's no AS_PATH to detect loops inside your own AS, so BGP simply refuses to relay iBGP-learned routes.

The consequence is that every iBGP speaker must peer directly with every other iBGP speaker — a full mesh. The session count grows as n(n-1)/2. Ten routers need 45 sessions. Fifty routers need 1,225. Every new router means touching the config of every existing router — which is exactly the kind of change process that breeds outages.

What a route reflector actually does

A route reflector (RFC 4456) is an iBGP speaker allowed to break the relay rule in a controlled way. You nominate a router as the RR and configure its peers as clients. The reflection rules are:

Clients now need exactly one iBGP session (or two, for redundancy) instead of one per router. The full mesh collapses into a hub-and-spoke of control-plane sessions.

Loop prevention moves into two new BGP attributes: ORIGINATOR_ID (the router-id of the router that injected the route — a router drops routes carrying its own) and CLUSTER_LIST (each RR prepends its cluster-id; an RR drops routes already carrying its cluster-id).

When you actually need one

Rules of thumb from production:

Design rules that keep you out of trouble

Always deploy in pairs

An RR is control-plane concentration: lose your only RR and clients keep forwarding on stale routes but converge on nothing new. Two RRs, every client peering with both. For most designs, give the pair different cluster-ids (the default — each uses its router-id) so each client genuinely receives and holds routes from both.

Keep the RR out of the data path — or don't, but decide

Nothing requires an RR to forward traffic. In DC fabrics the spine RRs are in the path anyway; in WAN designs a dedicated pair of control-plane-only RRs (even VMs) is a clean pattern. What matters is that you make the choice deliberately — an in-path RR that reflects a best path it wouldn't itself use for forwarding can blackhole traffic if next-hops aren't resolvable everywhere.

Beware path hiding

This is the trap. An RR reflects only its own best path. If two exits exist for a prefix, clients learn just the one the RR prefers — losing potential ECMP and slowing convergence (clients must wait for the RR to recompute after a failure, rather than failing over to a path they already hold).

Fix: ADD-PATH (RFC 7911) lets the RR advertise multiple paths per prefix. On modern IOS-XE, NX-OS, EOS and Junos this is a few lines of config. If you run active/active exits behind RRs, you almost certainly want it.

Don't touch next-hop-self on reflected routes

RRs must not change the next hop when reflecting (client-to-client reflection with next-hop-self breaks the model and can loop traffic through the RR). Set next-hop-self on the border routers where eBGP routes enter the AS, and make sure your IGP can resolve those next hops everywhere.

Minimal working example

Arista EOS — spine as RR for a leaf pair
router bgp 65001
   router-id 10.0.0.1
   neighbor LEAVES peer group
   neighbor LEAVES remote-as 65001
   neighbor LEAVES update-source Loopback0
   neighbor LEAVES route-reflector-client
   neighbor LEAVES send-community extended
   neighbor 10.0.0.11 peer group LEAVES
   neighbor 10.0.0.12 peer group LEAVES
   !
   address-family evpn
      neighbor LEAVES activate
Cisco IOS-XE — equivalent client config on the RR
router bgp 65001
 bgp cluster-id 10.0.0.1
 neighbor 10.0.0.11 remote-as 65001
 neighbor 10.0.0.11 update-source Loopback0
 neighbor 10.0.0.11 route-reflector-client
 neighbor 10.0.0.12 remote-as 65001
 neighbor 10.0.0.12 update-source Loopback0
 neighbor 10.0.0.12 route-reflector-client

Clients need nothing special — they're ordinary iBGP speakers that happen to have only one or two peers. That asymmetry is half the operational appeal.

Summary