BGP
Main goal = loop free exchange of routing information between ASs
Current version is BGPv4
v4 supports VLSM and CIDR
Only version allowed on public Internet
Policy based routing protocol = control traffic flow by using multiple BGP path attributes
Path vector routing = announces path and network reachable at end of path
Uses TCP as its transport layer (port 179)
Connection-oriented reliable delivery
2 routers using BGP form a TCP connection
Exchange messages to open and confirm connection parameters = peers or neighbors
When the connection is first established = full exchange of BGP routes
All other updates are incremental triggered updates
Sends keepalive messages to verify TCP connectivity, every 60 seconds by default
Figure: EBGP peering between Router A (AS 65100, 172.16.1.1) and Router B (AS 65102, 172.16.1.2)
Router A
router bgp 65100
neighbor 172.16.1.2 remote-as 65102
Router B
router bgp 65102
neighbor 172.16.1.1 remote-as 65100
IBGP neighbors
If there are multiple paths between IBGP neighbors:
BGP checks the source IP address of each BGP packet against the configured list of neighbors
If no match, discards packet
Solution = make the neighbor address a loopback
Must override default source IP address used for BGP packets
BGP router mode command
neighbor ip-address update-source interface-type-number
Must also announce loopback in IGP routing protocol
Figure: AS 65101 contains Routers A, B, C and D. Router A (Lo0 1.1.1.1) peers EBGP with AS 65100 over 172.16.1.1/172.16.1.2; Router D (Lo0 4.4.4.4) peers EBGP with AS 65102 over 192.168.1.1/192.168.1.2. A and D reach each other over two paths, via B (10.1.1.1, 10.2.2.1) and via C (10.3.3.1, 10.4.4.1), so the IBGP session between them is sourced from the loopbacks.
Router A
router bgp 65101
neighbor 172.16.1.1 remote-as 65100
neighbor 4.4.4.4 remote-as 65101
neighbor 4.4.4.4 update-source lo0
Router D
router bgp 65101
neighbor 192.168.1.1 remote-as 65102
neighbor 1.1.1.1 remote-as 65101
neighbor 1.1.1.1 update-source lo0
Figure (next-hop-self): a router in AS 65100 (Lo0 2.2.2.2, .1 end) and a router in AS 65101 (Lo0 1.1.1.1, .2 end) connected over 192.168.1.0/24, with 192.168.2.0/24 as the advertised network
BGP next-hop-self
Used when you need to override a router's default next-hop behavior
Forces it to advertise itself as the next-hop address
IP address used for next-hop-self will be the same as the source IP address of the BGP packet
R(config-router)# neighbor ip-address next-hop-self
BGP synchronization
Synchronization rule = BGP and IGP must be synchronized before BGP can use networks learned from an IBGP neighbor
BGP synchronization is disabled by default in IOS 12.2(8)T and later
o Allows advertising of routes learned from an IBGP neighbor that are not present in the local routing table
o Allows routers to carry fewer routes in IGP
o Allows BGP to converge more quickly
o Safe if all routers in the transit path are running BGP (full mesh IBGP)
Use synchronization if routers in the BGP transit path within the AS are not running BGP
R(config-router)# synchronization
R(config-router)# no synchronization
BGP states
When establishing BGP session, BGP goes through following states:
Idle = router is searching routing table to see whether route exists to reach neighbor
Connect = router found route to neighbor, completed 3-way TCP handshake
Open sent = open message sent w/ BGP session parameters
Open confirm = received agreement on session parameters
Active = no response to open message
Established = peering established, routing begins
view session states with debug ip bgp all
show ip bgp neighbors display information about BGP neighbor connections
show ip bgp summary if state column has a number (learned routes) = state is established
Troubleshooting states
Idle = waiting for a static route to that IP address/network to be configured, or waiting for IGP to learn this route
o Incorrect IP address in neighbor statement
o Verify IGP announces route
Active = no open confirm message
o Verify source IP address announced by IGP
o Incorrect IP address in neighbor statement
o Mis-configuration of AS
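The notes above say the quickest health check is show ip bgp summary: a number in the State/PfxRcd column means Established, anything else is a state name. The following Python is an added example, not part of the original notes: it parses a constructed (not captured) show ip bgp summary output, classifies each neighbor, and maps a non-established state to the troubleshooting checks listed above. The sample neighbors and counters are made up for the example.

```python
import re

# Constructed sample of `show ip bgp summary` output; neighbors, ASNs and
# counters are invented for this example and not taken from a real router.
SAMPLE_SUMMARY = """\
BGP router identifier 1.1.1.1, local AS number 65001
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.28.1    4 65002      42      40       12    0    0 00:12:31        3
2.2.2.2         4 65001       0       0        1    0    0 never    Idle
3.3.3.3         4 65001       5       6        1    0    0 00:00:40 Active
"""

# Troubleshooting hints taken from the notes above, keyed by non-established state.
HINTS = {
    "Idle": [
        "no route to neighbor: check static route or that IGP announces the route",
        "check IP address in neighbor statement",
    ],
    "Active": [
        "no open confirm: verify source IP address announced by IGP",
        "check IP address in neighbor statement",
        "check AS configuration (remote-as)",
    ],
}

# neighbor, version, remote AS, then anything, then the last column (state or prefix count)
NEIGHBOR_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s+.*?\s+(\S+)\s*$")


def parse_bgp_summary(text):
    """Return one dict per neighbor row with the session classified.

    A numeric State/PfxRcd value means the session is Established and the
    number is the count of prefixes received; any other value is a state name.
    """
    rows = []
    for line in text.splitlines():
        m = NEIGHBOR_RE.match(line)
        if not m:
            continue  # banner and header lines do not start with an IP address
        neighbor, _version, remote_as, last = m.groups()
        established = last.isdigit()
        rows.append({
            "neighbor": neighbor,
            "as": int(remote_as),
            "established": established,
            "prefixes": int(last) if established else 0,
            "state": "Established" if established else last,
        })
    return rows


def unhealthy_neighbors(text):
    """Map each non-established neighbor to its state and the checks the notes suggest."""
    return {
        r["neighbor"]: (r["state"], HINTS.get(r["state"], ["check configuration"]))
        for r in parse_bgp_summary(text)
        if not r["established"]
    }


if __name__ == "__main__":
    for neighbor, (state, checks) in unhealthy_neighbors(SAMPLE_SUMMARY).items():
        print(f"{neighbor}: {state}")
        for check in checks:
            print(f"   - {check}")
```

The regex anchors on the leading IP address so the banner and header lines are skipped; a state such as "Idle (Admin)" would need the last-column handling widened, since only the final token is read here.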
Remember that the attributes are applied to routing updates. This is often the only way an AS under your administration can pass information to another AS.
Metric characteristics (BGP Attributes)
Well-known or optional
Mandatory or discretionary
Transitive or nontransitive
Partial
Valid categories
Well-known mandatory = must be present in all BGP updates
o AS path = AS number of each AS route update passes through is prepended
List of all AS routes traversed to reach destination
Number of originating AS at end of list
Used to prevent routing loops
o Next hop = IP address of border router to be used as next hop to destination
EBGP = IP address of neighbor that sent the update
IBGP = IP address advertised by EBGP
Can change next hop with neighbor next-hop-self
o Origin – defines the origin of the path information
IGP route (network stmt), indicated with “i” in BGP table
EGP route (redistributed), indicated with “e” in BGP table
Unknown route or learned by other means (redistributed from IGP or static),
indicated with “?” in BGP table
Well-known discretionary = does not have to be present in all BGP updates
o Local preference – used by routers within the AS to specify which path is preferred to exit the AS.
Configured on router, exchanged within same AS only
Influences outbound traffic
Not passed to EBGP peers
Default value = 100
Higher local preference is better
bgp default local-preference value
Command changes default local preference value for all routes advertised to IBGP neighbors
o Atomic aggregate
Optional transitive = if not recognized, mark as partial and propagate to neighbors
o Aggregator
o Community – BGP community allows routers to tag routes with a community tag to allow
other routers to make decisions based on that tag. Used for destinations that share
properties and policies.
Optional nontransitive = if not recognized, discard (do not pass)
o Multi-exit discriminator (MED)
Exchanged between ASs only, propagated w/i AS but not passed on
Influences inbound traffic to AS
Default value is 0, lower MED is better
Sent to BGP peers – they propagate within their AS, but don’t pass to the next AS
MED is the BGP metric (used in show ip bgp)
Router mode command
default-metric number
All routes advertised to EBGP neighbor are set to value
Weight Attribute
o Cisco proprietary attribute
Configured locally on the router, not propagated to other routers
Used when one router has multiple exit points from the AS
Value of 0 – 65535
Router originates route = 32768
Other paths = 0 = default
Higher weight is better
Both paths out of AS 65001 are loop-free, synchronization-disabled, have a valid next-hop address, all routes have weight of 0, default local preference of 100, Router C did not originate any of the routes and neither Router A nor Router B is using the next-hop-self option = all three default to shortest AS path
Router A configuration
router bgp 65001
neighbor 2.2.2.2 remote-as 65001
neighbor 3.3.3.3 remote-as 65001
neighbor 2.2.2.2 update-source lo0
neighbor 3.3.3.3 update-source lo0
neighbor 192.168.28.1 remote-as 65002
neighbor 192.168.28.1 route-map LOCAL-PREF in

access-list 65 permit 172.30.0.0 0.0.255.255
route-map LOCAL-PREF permit 10
 match ip address 65
 set local-preference 400
route-map LOCAL-PREF permit 20
Route-map statement 10 sets local preference to the higher value 400 only for 172.30.0.0 updates
Route-map statement 20 permits all remaining routes, which stay at the default local preference of 100
The route map is applied to neighbor 192.168.28.1 with "in", meaning it is applied to incoming routing updates from that neighbor.
Both paths between AS 65001 and AS 65004 are loop-free, synchronization-disabled, have a valid next-hop address, all routes have weight of 0, default local preference of 100, the same AS path and the same default MED of 0.
Route selection would fall to the last three selection criteria: oldest path for EBGP paths, path w/ lowest neighbor BGP router ID, or path w/ lowest neighbor IP address.
Administrator wants packets to 192.168.25.0 and 192.168.26.0 to use Router A, and packets for 192.168.24.0 to use Router B unless there is a link/router failure.
Use MED, which is a higher selection criterion than those three
In the example above, the customer (AS 65213) accepts only a default route from the 2 ISPs and uses the link to AS 65387 as the primary link for outbound traffic. REMEMBER, WE ONLY HAVE CONTROL OF OUR AS.
ip prefix-list DEFONLY seq 5 permit 0.0.0.0/0
! as-path access-list 10 is not shown in the notes; assumed here to match paths learned from AS 65387
ip as-path access-list 10 permit ^65387_
route-map FILTER permit 10
 match ip address prefix-list DEFONLY
 match as-path 10
 set weight 150
route-map FILTER permit 20
 match ip address prefix-list DEFONLY
 set weight 100
DEFONLY will only match the default route of 0.0.0.0/0. Highest weight wins.
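The three configuration examples above (LOCAL-PREF, MED, FILTER) all come down to the BGP best-path order the notes list: weight, local preference, locally originated, shortest AS path, origin, lowest MED, EBGP over IBGP, oldest EBGP path, lowest router ID, lowest neighbor address. The following Python is an added example, not part of the original notes: it models that comparison as a sort key, applies the LOCAL-PREF and FILTER route-maps from the configurations above, and shows which path wins in constructed scenarios for each of the three cases (it goes beyond the notes by running the full ordering rather than one attribute at a time). The prefixes, neighbor addresses and ASNs in the scenarios are invented; MED is compared directly, which is only valid when the competing paths come from the same neighbor AS.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP preferred, then EGP, then incomplete


@dataclass
class Path:
    prefix: str
    neighbor: str          # IP address of the peer the update came from
    neighbor_as: int
    as_path: tuple         # ASNs, leftmost = most recently prepended
    origin: str = "i"
    next_hop_valid: bool = True
    local_origin: bool = False
    weight: int = 0        # Cisco-local; 32768 when the router originates the route
    local_pref: int = 100  # default 100, higher is better, IBGP scope only
    med: int = 0           # default 0, lower is better, compared per neighbor AS
    ebgp: bool = True
    router_id: str = "0.0.0.0"  # the neighbor's BGP router ID
    age: int = 0           # seconds the path has been known; oldest EBGP path wins


def sort_key(p):
    """Lower tuple is better; one element per selection step in the order the notes give."""
    return (
        -p.weight,                                  # highest weight
        -p.local_pref,                              # highest local preference
        0 if p.local_origin else 1,                 # locally originated first
        len(p.as_path),                             # shortest AS path
        ORIGIN_RANK[p.origin],                      # lowest origin code
        p.med,                                      # lowest MED (same neighbor AS assumed)
        0 if p.ebgp else 1,                         # EBGP over IBGP
        -p.age if p.ebgp else 0,                    # oldest EBGP path
        int(ipaddress.ip_address(p.router_id)),     # lowest neighbor router ID
        int(ipaddress.ip_address(p.neighbor)),      # lowest neighbor IP address
    )


def best_path(paths):
    """Best usable path for one prefix, or None when no next hop is valid."""
    usable = [p for p in paths if p.next_hop_valid]
    return min(usable, key=sort_key) if usable else None


def route_map_local_pref(path):
    """Inbound route-map LOCAL-PREF from the Router A configuration above:
    statement 10 (access-list 65) matches 172.30.0.0/16 and sets local-preference 400,
    statement 20 permits everything else unchanged."""
    if ipaddress.ip_network(path.prefix).network_address in ipaddress.ip_network("172.30.0.0/16"):
        path.local_pref = 400
    return path


def route_map_filter(path):
    """Route-map FILTER: the default route via AS 65387 gets weight 150, any other
    default route weight 100; non-default prefixes hit the implicit deny (None)."""
    if path.prefix != "0.0.0.0/0":
        return None
    path.weight = 150 if path.as_path and path.as_path[0] == 65387 else 100
    return path


def demo_local_pref(use_route_map):
    # Constructed: same prefix from the EBGP peer (longer AS path) and an IBGP peer.
    via_ebgp = Path("172.30.1.0/24", "192.168.28.1", 65002, (65002, 65005), router_id="192.168.28.1")
    via_ibgp = Path("172.30.1.0/24", "3.3.3.3", 65001, (65004,), ebgp=False, router_id="3.3.3.3")
    if use_route_map:
        route_map_local_pref(via_ebgp)
    return best_path([via_ebgp, via_ibgp]).neighbor  # shortest AS path unless LP 400 applied


def demo_med():
    # Constructed: two EBGP paths from the same neighbor AS, identical except for MED.
    via_a = Path("192.168.24.0/24", "10.0.0.1", 65004, (65004,), med=50, router_id="10.0.0.1")
    via_b = Path("192.168.24.0/24", "10.0.0.2", 65004, (65004,), med=0, router_id="10.0.0.2")
    return best_path([via_a, via_b]).neighbor  # lower MED wins


def demo_weight():
    # Constructed: default route from two ISPs; the AS 65387 path has the longer AS path.
    isp1 = Path("0.0.0.0/0", "203.0.113.1", 65387, (65387, 65500), router_id="203.0.113.1")
    isp2 = Path("0.0.0.0/0", "198.51.100.1", 65300, (65300,), router_id="198.51.100.1")
    other = Path("10.9.0.0/16", "198.51.100.1", 65300, (65300,))
    accepted = [p for p in (route_map_filter(p) for p in (isp1, isp2, other)) if p]
    return len(accepted), best_path(accepted).neighbor  # weight beats AS-path length


if __name__ == "__main__":
    print("LOCAL-PREF off:", demo_local_pref(False), " on:", demo_local_pref(True))
    print("MED:", demo_med())
    print("FILTER/weight:", demo_weight())
```

Because weight and local preference sit ahead of AS-path length in the key, the route-map changes flip the result even though the preferred paths have longer AS paths, which is exactly what the notes mean by "highest weight wins" and "higher local preference is better".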
Soft reset = does not reset BGP session, creates new update w/ entire table
Global mode
clear ip bgp { * | neighbor-address} soft out = soft reset of outbound updates, resends all BGP routes to neighbors
clear ip bgp { * | neighbor-address} soft = soft reset of inbound and outbound updates
Router mode
neighbor ip-address soft-reconfiguration inbound
Stores all updates from this neighbor in case inbound policy is changed = very memory-intensive
Global mode
clear ip bgp { * | neighbor-address} soft in
BGP authentication
Exchange key (password) between routers or peer group
Router authenticates source of each BGP packet
Supports MD5 neighbor authentication = message digest is sent, not the key
neighbor { ip-address | peer-grp-name} password key
key is case sensitive, 25 chars maximum
can contain alphanumeric characters and spaces, but no space immediately after a number
Error messages
%TCP-6-ADAUTH: No MD5 digest from …. = password configured on only 1 router
%TCP-6-ADAUTH: Invalid MD5 digest from …. = 2 routers have different passwords configured
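"Message digest is sent, not the key" refers to the TCP MD5 signature option (RFC 2385) that the neighbor password command turns on: each segment carries an MD5 over the IP pseudo-header, the TCP header with checksum zeroed and options excluded, the data, and the shared key. The following Python is an added example, not part of the original notes or of IOS: it computes that digest for a constructed BGP KEEPALIVE segment between the addresses from the EBGP figure at the top of these notes and shows the receiver-side outcomes that correspond to the two error messages above (option absent, or digest computed with a different key). The port numbers, sequence numbers and key are invented for the example.

```python
import hashlib
import hmac
import socket
import struct


def build_tcp_header(sport, dport, seq, ack, flags, window, data_offset_words):
    """Fixed 20-byte TCP header (no options); checksum and urgent pointer zero.
    data_offset_words counts the options that will be on the wire (here 5 + 5)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset_words << 4, flags, window, 0, 0)


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest over, in order: pseudo-header (src, dst, zero, protocol 6,
    segment length), the 20-byte TCP header with checksum zeroed, the data, the key."""
    if len(tcp_header) != 20:
        raise ValueError("pass the fixed 20-byte TCP header, options excluded")
    seg_len = (tcp_header[12] >> 4) * 4 + len(payload)  # header incl. options + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, seg_len))
    header_no_csum = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]
    return hashlib.md5(pseudo + header_no_csum + payload + key.encode()).digest()


def verify_segment(src_ip, dst_ip, tcp_header, payload, received_digest, key):
    """Receiver side. Returns the condition the notes' error messages describe:
    'No MD5 digest' when the option is missing, 'Invalid MD5 digest' when the
    digest does not match the local key, or 'ok'."""
    if received_digest is None:
        return "No MD5 digest"
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
    return "ok" if hmac.compare_digest(expected, received_digest) else "Invalid MD5 digest"


# Constructed segment: Router A -> Router B from the EBGP figure, carrying a BGP
# KEEPALIVE (16-byte all-ones marker, length 19, type 4). Ports/seq/key invented.
SRC, DST = "172.16.1.1", "172.16.1.2"
HEADER = build_tcp_header(sport=40000, dport=179, seq=1000, ack=2000,
                          flags=0x18, window=16384, data_offset_words=10)
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SHARED_KEY = "example-peer-key"


def demo():
    """Three receiver outcomes: matching key, option absent, mismatched key."""
    sent = tcp_md5_digest(SRC, DST, HEADER, KEEPALIVE, SHARED_KEY)
    return (
        verify_segment(SRC, DST, HEADER, KEEPALIVE, sent, SHARED_KEY),
        verify_segment(SRC, DST, HEADER, KEEPALIVE, None, SHARED_KEY),
        verify_segment(SRC, DST, HEADER, KEEPALIVE, sent, "different-key"),
    )


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the addresses and the sequence numbers are inside the digest, a segment replayed from another source address or with altered data fails verification the same way a wrong key does; the key itself never appears on the wire.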
Figure: Router D (192.168.24.1) in AS 65100; Routers A, B and C in AS 65101, with Router C on 192.168.26.1 and 192.168.27.1
Example:
All routers running IBGP, using loopback as IP source address for all BGP packets, using own IP as next-hop address
Router C does not want to pass private addresses so has a distribute list
access-list 20 deny 10.0.0.0 0.255.255.255
access-list 20 deny 172.16.0.0 0.31.255.255
access-list 20 deny 192.168.0.0 0.0.255.255
access-list 20 permit any
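A distribute list built on a standard access list tests each prefix's network address against the wildcard masks in order, first match wins, and the list ends in an implicit deny. The following Python is an added example, not part of the original notes: it implements those semantics, runs Router C's access-list 20 over a constructed set of prefixes, and, as a second constructed case, shows what a mis-typed wildcard (0.0.0.255 instead of 0.0.255.255 on the 192.168.0.0 line) lets through. The prefixes in the sample are invented.

```python
import ipaddress


def wildcard_match(address, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.ip_address(address))
    b = int(ipaddress.ip_address(base))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_standard_acl(lines):
    """Parse 'access-list N {permit|deny} base wildcard' lines into (action, base, wildcard).
    'any' and 'host X' forms are expanded; malformed lines are skipped."""
    rules = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            continue
        action = parts[2]
        if parts[3] == "any":
            rules.append((action, "0.0.0.0", "255.255.255.255"))
        elif parts[3] == "host" and len(parts) > 4:
            rules.append((action, parts[4], "0.0.0.0"))
        else:
            wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"  # no wildcard = single host
            rules.append((action, parts[3], wildcard))
    return rules


def acl_permits(rules, network_address):
    """First matching rule decides; nothing matched means the implicit deny."""
    for action, base, wildcard in rules:
        if wildcard_match(network_address, base, wildcard):
            return action == "permit"
    return False


def filter_advertisements(acl_lines, prefixes):
    """Apply the ACL the way a distribute list does: test each prefix's network address."""
    rules = parse_standard_acl(acl_lines)
    kept, dropped = [], []
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        (kept if acl_permits(rules, str(net.network_address)) else dropped).append(prefix)
    return kept, dropped


# Router C's access-list 20 as given in the notes above.
ROUTER_C_ACL = [
    "access-list 20 deny 10.0.0.0 0.255.255.255",
    "access-list 20 deny 172.16.0.0 0.31.255.255",
    "access-list 20 deny 192.168.0.0 0.0.255.255",
    "access-list 20 permit any",
]

# Constructed variant with a too-narrow wildcard on the 192.168.0.0 line.
LEAKY_ACL = [
    "access-list 20 deny 10.0.0.0 0.255.255.255",
    "access-list 20 deny 172.16.0.0 0.31.255.255",
    "access-list 20 deny 192.168.0.0 0.0.0.255",
    "access-list 20 permit any",
]

# Constructed prefixes: four private, two public, one just outside 172.16.0.0/12.
SAMPLE_PREFIXES = ["10.1.0.0/16", "172.20.0.0/16", "192.168.5.0/24",
                   "172.32.0.0/16", "203.0.113.0/24", "172.31.255.0/24"]

if __name__ == "__main__":
    print("correct ACL:", filter_advertisements(ROUTER_C_ACL, SAMPLE_PREFIXES))
    print("leaky ACL:  ", filter_advertisements(LEAKY_ACL, SAMPLE_PREFIXES))
```

The 0.31.255.255 wildcard on the 172.16.0.0 line covers exactly 172.16.0.0 through 172.31.255.255, so 172.31.255.0/24 is dropped while 172.32.0.0/16 passes; with the narrow wildcard, 192.168.5.0/24 is advertised even though the intent was to block all of 192.168.0.0/16.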