
CCNP ROUTE

Chapter 6 Notes – BGP

Routing protocol review


AS = autonomous system = collection of networks under a single technical administration
- AS number assigned by IANA
- 16-bit, ranging from 1 - 65,535
- private numbers are 64,512 - 65,535
IGPs operate within AS (RIP, EIGRP, OSPF, IS-IS)
EGPs operate between AS (BGP)
- Typically used to exchange routing information between ISPs
- More suitable between customer and provider when customer has multiple connections to ISP = called multihoming
  - Increase reliability of Internet connection (fault tolerance)
  - Increase performance to Internet connection
- Can multihome to single ISP or multiple ISPs
  - Multiple ISPs = redundancy
- Effective alternative to using default routes
- Ability to manipulate path attributes to select optimal path

BGP
Main goal = loop-free exchange of routing information between ASs
Current version is BGPv4
- v4 supports VLSM and CIDR
- Only version allowed on public Internet
Policy-based routing protocol = control traffic flow by using multiple BGP path attributes
- Path vector routing = announces path and network reachable at end of path
Uses TCP as its transport layer (port 179)
- Connection-oriented reliable delivery
2 routers using BGP form TCP connection
- Exchange messages to open and confirm connection parameters = peers or neighbors
- When first establishing connection = full exchange of BGP routes
- All other updates are incremental triggered updates
- Sends keepalive messages to verify TCP connectivity, every 60 seconds by default

BGP message types

open = first message sent by each side after TCP connection established
- if acceptable, side receiving message sends keepalive message confirming open message
- establishes BGP connection, can exchange other message types
- includes holdtime and BGP router ID
keepalive = used to ensure connection between peers still exists
update = used to exchange routing tables and incremental updates
notification = sent in response to errors or special conditions
- closes BGP connection
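The message exchange above, as an added example that is not part of the original notes: a small builder and parser for the BGP message header and the OPEN body (RFC 4271 layout), with the checks a receiving speaker performs before accepting the session (marker, length, type, version, hold time, and the peer AS against the configured remote-as). Sample messages are constructed inline; the AS numbers and router IDs are assumptions.

```python
"""Build and validate BGP message headers and OPEN messages (RFC 4271 layout).

Added example; not code from the original notes. The sample messages and
the AS numbers / router IDs used in them are constructed.
"""
import struct
from ipaddress import IPv4Address

MARKER = b"\xff" * 16          # every BGP message starts with a 16-byte all-ones marker
HEADER_LEN = 19                # marker (16) + length (2) + type (1)
MAX_LEN = 4096                 # largest BGP message permitted by the RFC
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


def build_open(my_as: int, hold_time: int, router_id: str) -> bytes:
    """OPEN body: version(1) my-AS(2) hold-time(2) BGP identifier(4) opt-param-len(1)."""
    body = struct.pack("!BHHIB", 4, my_as, hold_time, int(IPv4Address(router_id)), 0)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


def build_keepalive() -> bytes:
    """A KEEPALIVE is the 19-byte header alone (type 4)."""
    return MARKER + struct.pack("!HB", HEADER_LEN, 4)


def parse_message(data: bytes) -> dict:
    """Check the header the way a receiving speaker does; raise ValueError where
    a real speaker would answer with a NOTIFICATION and close the session."""
    if len(data) < HEADER_LEN:
        raise ValueError("truncated header")
    marker = data[:16]
    length, msg_type = struct.unpack("!HB", data[16:19])
    if marker != MARKER:
        raise ValueError("connection not synchronized (bad marker)")
    if length != len(data) or not HEADER_LEN <= length <= MAX_LEN:
        raise ValueError(f"bad message length {length}")
    if msg_type not in MSG_TYPES:
        raise ValueError(f"bad message type {msg_type}")
    msg = {"type": MSG_TYPES[msg_type], "length": length}
    if msg_type == 1:
        if length < HEADER_LEN + 10:
            raise ValueError("OPEN too short")
        version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", data[19:29])
        if version != 4:                    # only BGPv4 is in use
            raise ValueError(f"unsupported version {version}")
        if hold_time in (1, 2):             # RFC 4271: hold time is 0 or at least 3 seconds
            raise ValueError("unacceptable hold time")
        msg.update(version=version, my_as=my_as, hold_time=hold_time,
                   router_id=str(IPv4Address(bgp_id)), opt_param_len=opt_len)
    return msg


def check_peer_as(open_msg: dict, configured_remote_as: int) -> bool:
    """The AS in the peer's OPEN must equal the remote-as of our neighbor statement;
    a mismatch is the AS misconfiguration the notes list under the Active state."""
    return open_msg["type"] == "OPEN" and open_msg["my_as"] == configured_remote_as


def negotiate_hold_time(local: int, received: int) -> int:
    """Both sides use the smaller of the two advertised hold times."""
    return min(local, received)
```

A KEEPALIVE carries no body, which is why it is the cheapest message to send on the 60-second default timer; an OPEN whose AS does not match the neighbor statement is rejected before any routes are exchanged.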
BGP neighbor relationships
Any router running BGP is a BGP speaker
Must be configured explicitly to establish adjacency with neighbor
Number of neighbors is limited
All exchanged routes placed in BGP table (forwarding table)
Best routes for each network selected using BGP route selection process, then offered to IP routing table
IP routing table compares offered routes; best route based on admin distance installed in table
EBGP = external BGP, between routers in different ASs
- Admin distance = 20
- EBGP neighbors must be directly connected
- IP address in neighbor command must be reachable w/o using IGP
  - Directly connected network
  - Static route
IBGP = internal BGP, between routers in same AS
- Admin distance = 200
- IBGP neighbors do not have to be directly connected if reachable through IGP
- Must be able to exchange TCP handshakes
  - Directly connected network
  - Static routes
  - Interior routing protocol

BGP basic configuration


R(config)# router bgp AS
- Identifies local AS the router belongs to
- Helps router determine if neighbors are IBGP or EBGP
  - Neighbor with same AS = IBGP
  - Neighbor with different AS = EBGP
- Does NOT activate BGP (need 1 sub command to activate BGP)
- Only one instance of BGP per router
Activate BGP session
R(config-router)# neighbor ip-address remote-as AS
- Address must be reachable (directly connected, static route or IGP routed)
Shut down BGP neighbor
- Before major policy changes and/or change of multiple parameters, to prevent route flapping
- Shut down neighbor router first
  R(config-router)# neighbor ip-address shutdown
- Implement changes
- Bring neighbor back up
  R(config-router)# no neighbor ip-address shutdown
Basic EBGP

Topology: Router A in AS 65100 (172.16.1.1) directly connected to Router B in AS 65102 (172.16.1.2)

Router A
router bgp 65100
 neighbor 172.16.1.2 remote-as 65102

Router B
router bgp 65102
 neighbor 172.16.1.1 remote-as 65100

IBGP neighbors
If IBGP w/ multiple paths between IBGP neighbors
- BGP checks source IP address of BGP packet against configured list of neighbors
- If no match, discards packet
- Solution - make neighbor address a loopback
  - Must override default source IP address used for BGP packets
  - BGP router mode command
    neighbor ip-address update-source interface-type-number
  - Must also announce loopback in IGP routing protocol

Topology: AS 65101 contains routers A, B, C and D with redundant internal links in 10.0.0.0/8 (10.1.1.1, 10.2.2.1, 10.3.3.1, 10.4.4.1); Router A (172.16.1.2, Lo0 1.1.1.1) peers with AS 65100 at 172.16.1.1; Router D (192.168.1.2, Lo0 4.4.4.4) peers with AS 65102 at 192.168.1.1

Router A
router bgp 65101
 neighbor 172.16.1.1 remote-as 65100
 neighbor 4.4.4.4 remote-as 65101
 neighbor 4.4.4.4 update-source lo0
router eigrp
 net 10.0.0.0
 net 1.0.0.0

Router D
router bgp 65101
 neighbor 192.168.1.1 remote-as 65102
 neighbor 1.1.1.1 remote-as 65101
 neighbor 1.1.1.1 update-source lo0
router eigrp
 net 10.0.0.0
 net 4.0.0.0
EBGP neighbors "peering" issue
- Normally EBGP peers are 1 hop from each other, as the neighbor address must be directly connected
- Default TTL = 1
- However, redundant paths between EBGP neighbors must use loopback address
- Need to increase default 1 hop to greater count
R(config-router)# neighbor ip-address ebgp-multihop [ttl]

Topology: router in AS 65100 (Lo0 2.2.2.2) and router in AS 65101 (Lo0 1.1.1.1) connected by two links, 192.168.1.0/24 and 192.168.2.0/24 (AS 65100 side .1, AS 65101 side .2)

AS 65100 router
router bgp 65100
 neighbor 1.1.1.1 remote-as 65101
 neighbor 1.1.1.1 update-source lo0
 neighbor 1.1.1.1 ebgp-multihop 2
ip route 1.1.1.1 255.255.255.255 192.168.1.2
ip route 1.1.1.1 255.255.255.255 192.168.2.2

AS 65101 router
router bgp 65101
 neighbor 2.2.2.2 remote-as 65100
 neighbor 2.2.2.2 update-source lo0
 neighbor 2.2.2.2 ebgp-multihop 2
ip route 2.2.2.2 255.255.255.255 192.168.1.1
ip route 2.2.2.2 255.255.255.255 192.168.2.1

BGP route injecting (advertising)

The network command indicates to BGP which networks it should originate from this router
- The list of network commands must include all networks in your AS that you want to advertise
- NVRAM determines maximum number of network commands allowed
R(config-router)# network ip-network-number [mask network-mask] [route-map map-tag]
- w/o mask, advertises classful network; at least one subnet must be present in IP routing table
- w/ mask, BGP looks for exact match in local routing table before announcing the route
  - Can add static route to null interface so BGP can find exact match
- The network command does NOT start BGP on a specific interface!

BGP default next-hop behavior

BGP is a hop-by-hop (AS-by-AS) routing protocol
- Default next hop is the next AS (IP address used to reach the next AS)
- For EBGP, default next hop is the IP address of the neighboring router that sent the update
- For IBGP, the next hop advertised by EBGP is carried unchanged into IBGP

BGP next-hop-self
- Addresses the need to override a router's default next-hop behavior
- Forces it to advertise itself as the next-hop address
- IP address used for next-hop-self will be the same as the source IP address of the BGP packet
R(config-router)# neighbor ip-address next-hop-self

BGP synchronization
Synchronization rule: BGP and IGP must be synchronized before BGP can use networks learned from an IBGP neighbor
BGP synchronization is disabled by default in IOS 12.2(8)T and later
  - Allows advertising of routes learned from IBGP neighbor not present in local routing table
  - Allows routers to carry fewer routes in IGP
  - Allows BGP to converge more quickly
  - Safe if all routers in transit path running BGP (full mesh IBGP)
Use synchronization if routers in BGP transit path within AS are not running BGP
R(config-router)# synchronization
R(config-router)# no synchronization

BGP states
When establishing BGP session, BGP goes through following states:
Idle = router is searching routing table to see whether route exists to reach neighbor
Connect = router found route to neighbor, completed 3-way TCP handshake
Open sent = open message sent w/ BGP session parameters
Open confirm = received agreement on session parameters
Active = no response to open message
Established = peering established, routing begins
View session states with debug ip bgp all
show ip bgp neighbors = displays information about BGP neighbor connections
show ip bgp summary = if the State/PfxRcd column shows a number (prefixes received), the state is Established

Troubleshooting states
Idle = waiting for static route to that IP address/network to be configured
- Waiting for IGP to learn this route
- Incorrect IP address in neighbor statement
- Verify IGP announces route
Active = no open confirm message
- Verify source IP address announced by IGP
- Incorrect IP address in neighbor statement
- Mis-configuration of AS

Selecting BGP path


BGP metrics are path attributes attached to route updates

Remember that the attributes are applied to routing updates. This is often the only way an AS under your
administration can pass information to another AS.
Metric characteristics (BGP attributes)
- Well-known or optional
- Mandatory or discretionary
- Transitive or nontransitive
- Partial
Valid categories
- Well-known mandatory = must be present in all BGP updates
  - AS path = AS number of each AS the route update passes through is prepended
    - List of all ASs traversed to reach destination
    - Number of originating AS at end of list
    - Used to prevent routing loops
  - Next hop = IP address of border router to be used as next hop to destination
    - EBGP = IP address of neighbor that sent the update
    - IBGP = IP address advertised by EBGP
    - Can change next hop with neighbor next-hop-self
  - Origin = defines the origin of the path information
    - IGP route (network stmt), indicated with "i" in BGP table
    - EGP route (redistributed), indicated with "e" in BGP table
    - Unknown route or learned by other means (redistributed from IGP or static), indicated with "?" in BGP table
- Well-known discretionary = does not have to be present in all BGP updates
  - Local preference = used by routers within the AS to specify which path is preferred to exit the AS
    - Configured on router, exchanged within same AS only
    - Influences outbound traffic
    - Not passed to EBGP peers
    - Default value = 100
    - Higher local preference is better
    - bgp default local-preference value
      - Command changes default local preference value for all routes advertised to IBGP neighbors
  - Atomic aggregate
- Optional transitive = if not recognized, mark as partial and propagate to neighbors
  - Aggregator
  - Community = allows routers to tag routes with a community tag so that other routers can make decisions based on that tag. Used for destinations that share properties and policies.
- Optional nontransitive = if not recognized, discard (do not pass)
  - Multi-exit discriminator (MED)
    - Exchanged between ASs only, propagated w/i AS but not passed on
    - Influences inbound traffic to AS
    - Default value is 0, lower MED is better
    - Sent to BGP peers; they propagate within their AS, but don't pass to the next AS
    - MED is the BGP metric (the metric column in show ip bgp)
    - Router mode command
      - default-metric number
      - All routes advertised to EBGP neighbor are set to value
- Weight attribute
  - Cisco proprietary attribute
    - Configured locally on router, not propagated to other routers
    - Used with 1 router with multiple exit points in AS
    - Value of 0 - 65535
    - Router originates route = 32768
    - Other paths = 0 = default
    - Higher weight is better

Selecting BGP path


- If multiple paths exist to network, paths are evaluated
  - Only synchronized routes w/ no AS loops and valid next hop considered
- Paths determined NOT to be best path eliminated from selection but kept in BGP forwarding table (show ip bgp)
  - Not designed to perform load balancing; not based on bandwidth
- Preference order: eliminates multiple paths until single path is left
  - Prefer highest weight (local to router)
  - Prefer highest local preference (global within AS)
  - Prefer route originated by local router (next hop = 0.0.0.0)
  - **Prefer shortest AS path** most common reason for selection
  - Prefer lowest origin code (IGP < EGP < incomplete)
  - Prefer lowest MED (from other AS)
  - **Prefer EBGP over IBGP path** second most common reason for selection
  - Prefer path through closest IGP neighbor
  - Prefer oldest route for EBGP paths
  - Prefer path w/ lowest neighbor BGP router ID
  - Prefer path w/ lowest neighbor IP address
- Submits best path to routing table, evaluated against any other routing protocols
  - BGP administrative distance: EBGP = 20; IBGP = 200
  - Route with lowest admin distance installed in routing table
BGP path Selection with Route Maps
Example: Setting Local preference with Route Maps

Both paths out of AS 65001 are loop-free, synchronization is disabled, both have a valid next-hop address, all routes
have a weight of 0 and the default local preference of 100, Router C did not originate any of the routes, and
neither Router A nor Router B is using the next-hop-self option = all three selections default to shortest AS path

Best path from Router C to 172.16.0.0 in AS 65003 is Router A = (65002, 65003)
- Router B = (65005, 65004, 65003)
Best path from Router C to 172.24.0.0 in AS 65005 is Router B = (65006)
- Router A = (65002, 65003, 65004, 65005)
Best path from Router C to 172.30.0.0 in AS 65004 is Router B = (65005, 65004)
- Router A = (65002, 65003, 65004)
Traffic analysis reveals Router B link heavily used, Router A hardly used at all
Administrator = divert traffic to 172.30.0.0 out Router A to next hop 192.168.28.1 to balance load

Router A configuration
router bgp 65001
 neighbor 2.2.2.2 remote-as 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 2.2.2.2 update-source lo0
 neighbor 3.3.3.3 update-source lo0
 neighbor 192.168.28.1 remote-as 65002
 neighbor 192.168.28.1 route-map LOCAL-PREF in
access-list 65 permit 172.30.0.0 0.0.255.255
route-map LOCAL-PREF permit 10
 match ip address 65
 set local-preference 400
route-map LOCAL-PREF permit 20

Route map statement 10 sets local preference to the higher value 400 for 172.30.0.0 updates only
Route map statement 20 permits all remaining routes, which stay at the default local preference of 100
The route map is applied to neighbor 192.168.28.1 "in", meaning it is applied to incoming routing updates from
that neighbor.

Example: Setting MED with Route Maps

Both paths between AS 65001 and AS 65004 are loop-free, synchronization is disabled, both have a valid next-hop
address, all routes have a weight of 0, the default local preference of 100, the same AS path and the same default MED of 0.
Selection would fall to the last three criteria: oldest route for EBGP paths, path w/ lowest neighbor
BGP router ID, or path w/ lowest neighbor IP address.

Administrator wants packets to 192.168.25.0 and 192.168.26.0 to use Router A, packets for 192.168.24.0 to
use Router B unless there is a link/router failure.
Use MED, a higher selection criterion

Router A configuration
router bgp 65001
 neighbor 2.2.2.2 remote-as 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 2.2.2.2 update-source lo0
 neighbor 3.3.3.3 update-source lo0
 neighbor 192.168.28.1 remote-as 65004
 neighbor 192.168.28.1 route-map MED-65004 out
access-list 66 permit 192.168.24.0 0.0.0.255
access-list 66 permit 192.168.25.0 0.0.0.255
access-list 66 permit 192.168.26.0 0.0.0.255
route-map MED-65004 permit 10
 match ip address 66
 set metric 100
route-map MED-65004 permit 20
 set metric 200

Router B configuration
router bgp 65001
 neighbor 1.1.1.1 remote-as 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 1.1.1.1 update-source lo0
 neighbor 3.3.3.3 update-source lo0
 neighbor 172.20.50.1 remote-as 65004
 neighbor 172.20.50.1 route-map MED-65004 out
route-map MED-65004 permit 10
 match ip address 66
 set metric 100
route-map MED-65004 permit 20
 set metric 200

Route map MED-65004 is applied "out" to modify outgoing routing updates that are sent to the other AS.
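The selection order from "Selecting BGP path" and the two route-map examples above (LOCAL-PREF inbound on Router A, MED-65004 outbound), as an added example that is not part of the original notes. The candidate paths seen at Router C are constructed to mirror the notes' scenario; Router A's loopback/router ID of 1.1.1.1, Router B's of 2.2.2.2 and the next hop via Router B are assumptions.

```python
"""BGP best-path selection in the order the notes list it, plus the LOCAL-PREF
and MED-65004 route-map policies from the examples.

Added example; not code from the original notes. Candidate paths, neighbor
addresses and router IDs are constructed: Router C in AS 65001 learns
172.30.0.0/16 from Router A (EBGP next hop 192.168.28.1, Router A assumed to be
1.1.1.1) and from Router B (assumed 2.2.2.2, next hop 192.168.29.1 assumed).
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_network
from typing import List, Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}       # IGP < EGP < incomplete


@dataclass
class Path:
    prefix: str
    as_path: List[int]
    next_hop: str
    neighbor: str            # address of the peer the path was learned from
    neighbor_rid: str        # that peer's BGP router ID
    weight: int = 0          # 32768 for locally originated routes
    local_pref: int = 100
    origin: str = "i"
    med: int = 0
    ebgp: bool = False
    igp_metric: int = 0      # IGP cost to reach the next hop
    age: int = 0             # lower = received earlier (older)
    valid_next_hop: bool = True


def ip_key(addr: str) -> int:
    return int(IPv4Address(addr))


# (name, sort key) in decision order; the lowest key value wins at each step
CRITERIA = [
    ("highest weight", lambda p: -p.weight),
    ("highest local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: 0 if p.next_hop == "0.0.0.0" else 1),
    ("shortest AS path", lambda p: len(p.as_path)),
    ("lowest origin code", lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED", lambda p: p.med),
    ("EBGP over IBGP", lambda p: 0 if p.ebgp else 1),
    ("closest IGP neighbor", lambda p: p.igp_metric),
    ("oldest EBGP path", lambda p: p.age if p.ebgp else 0),
    ("lowest neighbor router ID", lambda p: ip_key(p.neighbor_rid)),
    ("lowest neighbor IP address", lambda p: ip_key(p.neighbor)),
]


def best_path(paths: List[Path], local_as: int) -> Tuple[Optional[Path], str]:
    """Return the winning path and the criterion that decided it.
    Paths with an invalid next hop or our own AS in the AS path never compete.
    Simplification: IOS by default compares MED only between paths from the
    same neighboring AS; this model compares it across all candidates."""
    cands = [p for p in paths if p.valid_next_hop and local_as not in p.as_path]
    if not cands:
        return None, "no usable path"
    for name, key in CRITERIA:
        top = min(key(p) for p in cands)
        cands = [p for p in cands if key(p) == top]
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "tie"


def router_a_local_pref_in(path: Path) -> Path:
    """route-map LOCAL-PREF in: access-list 65 matches 172.30.0.0/16 -> local-pref 400;
    clause 20 permits everything else unchanged."""
    if ip_network(path.prefix).subnet_of(ip_network("172.30.0.0/16")):
        path.local_pref = 400
    return path


def med_65004_out(prefix: str, acl_66: List[str]) -> int:
    """route-map MED-65004 out: prefixes matched by access-list 66 get MED 100, all others 200."""
    return 100 if any(ip_network(prefix).subnet_of(ip_network(p)) for p in acl_66) else 200


def router_c_paths() -> List[Path]:
    """Constructed candidates at Router C for 172.30.0.0/16 before any policy."""
    via_a = Path("172.30.0.0/16", [65002, 65003, 65004], "192.168.28.1", "1.1.1.1", "1.1.1.1")
    via_b = Path("172.30.0.0/16", [65005, 65004], "192.168.29.1", "2.2.2.2", "2.2.2.2")
    return [via_a, via_b]
```

Running `best_path(router_c_paths(), 65001)` picks the path via Router B on AS-path length, exactly as the notes describe; once `router_a_local_pref_in` has raised the local preference of the path Router A learned, the same call picks Router A at the second step, before AS-path length is ever consulted.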

Filtering BGP Routing Updates


Filter lists, prefix lists, and route maps can be applied to either incoming or outgoing BGP routing
updates to modify the information sent to other autonomous systems.
- Filter lists
  neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}
- Prefix lists
  1. Create the prefix list
     ip prefix-list {list-name | list-number} [seq seq-value] {deny | permit} network/length [ge value] [le value]
  2. Apply to the routing updates
     neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}
  Routes permitted by the prefix list are sent (with the out keyword) or received (with the in keyword).
- Route maps
  1. Define the route map, including the match and set statements
  2. Apply to the routing updates
     neighbor {ip-address | peer-group-name} route-map map-tag {in | out}

In this example, customer AS 65213 accepts only a default route from its 2 ISPs (AS 65627 and AS 65387) and uses
the link to AS 65387 as the primary link for outbound traffic. REMEMBER, WE ONLY HAVE
CONTROL OF OUR AS.

router bgp 65213
 neighbor 10.2.3.4 remote-as 65627
 neighbor 10.2.3.4 route-map FILTER in
 neighbor 10.4.5.6 remote-as 65387
 neighbor 10.4.5.6 route-map FILTER in

route-map FILTER permit 10
 match ip address prefix-list DEFONLY
 match as-path 10
 set weight 150
route-map FILTER permit 20
 match ip address prefix-list DEFONLY
 set weight 100

ip as-path access-list 10 permit _65387$

ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0

DEFONLY matches only the default route 0.0.0.0/0. Highest weight wins, so the default route whose AS path ends in 65387 (weight 150) is preferred over the one from AS 65627 (weight 100); anything other than the default route matches no clause and is dropped by the route map's implicit deny.
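The filtering above, as an added example that is not part of the original notes: an evaluator for IOS-style prefix-list entries, as-path access-list regexes and the route-map FILTER clauses, expressed as data. It goes beyond the notes in one respect: the prefix-list matcher implements the `ge`/`le` forms the notes give only as syntax, which is where most prefix-list mistakes hide (a `0.0.0.0/0 le 32` entry permits everything, not just the default route). Sample routes are constructed.

```python
"""IOS-style prefix-list, as-path access-list and route-map FILTER evaluation.

Added example; not code from the original notes. It encodes the policy from
the customer AS 65213 example (DEFONLY, as-path list 10 with _65387$, weights
150/100) and generalises the prefix-list matcher to ge/le. Sample routes are
constructed.
"""
import re
from ipaddress import ip_network
from typing import List, Optional


def prefix_list_entry_matches(entry: dict, prefix: str) -> bool:
    """One `ip prefix-list` line: entry = {"network": "a.b.c.d/len", "ge": int|None, "le": int|None}.
    The route must fall inside `network`; with no ge/le the length must match
    exactly; `ge` sets the minimum length (up to /32 if no le); `le` the maximum."""
    net, route = ip_network(entry["network"]), ip_network(prefix)
    if int(route.network_address) & int(net.netmask) != int(net.network_address):
        return False
    if route.prefixlen < net.prefixlen:
        return False
    ge, le = entry.get("ge"), entry.get("le")
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen
    lo = net.prefixlen if ge is None else ge
    hi = route.max_prefixlen if le is None else le
    return lo <= route.prefixlen <= hi


def prefix_list_permits(entries: List[dict], prefix: str) -> bool:
    """First matching sequence decides; an implicit deny ends every prefix list."""
    for e in entries:
        if prefix_list_entry_matches(e, prefix):
            return e["action"] == "permit"
    return False


def as_path_matches(ios_regex: str, as_path: List[int]) -> bool:
    """IOS as-path regex: `_` matches the start or end of the path, a space, or a comma/brace."""
    text = " ".join(str(a) for a in as_path)
    pattern = ios_regex.replace("_", "(?:^|$|[ ,{}])")
    return re.search(pattern, text) is not None


# --- the policy from the notes, as data -------------------------------------
DEFONLY = [{"action": "permit", "network": "0.0.0.0/0", "ge": None, "le": None}]
AS_PATH_LIST_10 = "_65387$"

ROUTE_MAP_FILTER = [
    # seq, prefix-list, as-path list (None = no match as-path), weight to set
    (10, DEFONLY, AS_PATH_LIST_10, 150),
    (20, DEFONLY, None, 100),
]


def apply_filter(prefix: str, as_path: List[int]) -> Optional[int]:
    """Return the weight route-map FILTER assigns to an inbound route, or None if
    the route is dropped: a route map used as a filter denies anything no clause permits."""
    for _seq, plist, aspath_list, weight in ROUTE_MAP_FILTER:
        if not prefix_list_permits(plist, prefix):
            continue
        if aspath_list is not None and not as_path_matches(aspath_list, as_path):
            continue
        return weight
    return None
```

Because `DEFONLY` has no `ge`/`le`, only a route of length /0 can match it, so a more specific prefix leaked by either ISP is dropped rather than installed; the `ge`/`le` cases in the test show how the same entry behaves once a length range is added.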

Display BGP topology table


show ip bgp
- Displays networks from lowest to highest
- * in first column = valid next-hop address
- > in second column = indicates best path
- i in third column = path advertised by IBGP neighbor; blank = EBGP neighbor

Display networks not installed in RIB (routing information base) w/ reason


show ip bgp rib-failure

Clear BGP session


New policy is only applied to new routes/updates received after the change
To apply change to all existing routes, must trigger update
Hard reset = must re-establish TCP session
- Global mode
  clear ip bgp *  Deletes entire BGP table, must rebuild entire table
  clear ip bgp neighbor-address  Resets 1 neighbor at a time, takes longer but less severe

Soft reset = does not reset BGP session, creates new update w/ entire table
- Global mode
  clear ip bgp {* | neighbor-address} soft out  Soft reset of outbound updates, resends all BGP routes to neighbors
  clear ip bgp {* | neighbor-address} soft  Soft reset of inbound and outbound updates
- Router mode
  Stores all updates from this neighbor in case inbound policy is changed = very memory-intensive
  neighbor ip-address soft-reconfiguration inbound

Route refresh = feature available with some IOS versions
- If show ip bgp neighbors display includes "Received route refresh capability from peer"
- Does not store all updates, significantly less memory intensive
- Global mode
  clear ip bgp {* | neighbor-address} soft in

BGP authentication
Exchange key (password) between routers or peer group
Router authenticates source of each BGP packet
Supports MD5 neighbor authentication = message digest is sent, not the key
R(config-router)# neighbor {ip-address | peer-group-name} password key
- key is case sensitive, 25 chars maximum
- can contain alphanumeric characters and spaces, but not a space after a number
Error messages
%TCP-6-ADAUTH: No MD5 digest from ....  = password configured on only 1 router
%TCP-6-ADAUTH: Invalid MD5 digest from ....  = the 2 routers have different passwords configured
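The authentication mechanism above, as an added example that is not part of the original notes: the TCP MD5 signature option (RFC 2385) that `neighbor ... password` enables. It builds a constructed BGP-over-TCP segment, computes the digest a sender attaches, and classifies what the receiver sees, reproducing the two conditions in the notes (no digest present, or a digest computed with a different key) and showing that the key itself is never on the wire. Addresses, ports and sequence numbers are constructed.

```python
"""RFC 2385 TCP MD5 signature as used by BGP neighbor authentication.

Added example; not code from the original notes. Addresses, ports, sequence
numbers and the key are constructed.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address
from typing import Optional

TCP_MD5_OPTION_KIND = 19
TCP_MD5_OPTION_LEN = 18        # kind(1) + len(1) + 16-byte digest
BGP_PORT = 179


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
                     window: int, option_bytes: int) -> bytes:
    """20-byte TCP header with checksum 0; data offset counts options in 32-bit words."""
    offset_words = 5 + (option_bytes + 3) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, offset_words << 4,
                       flags, window, 0, 0)


def tcp_md5_digest(src_ip: str, dst_ip: str, tcp_header: bytes, payload: bytes,
                   option_bytes: int, key: bytes) -> bytes:
    """MD5 over: pseudo-header (src, dst, 0, proto 6, TCP length incl. options),
    the 20-byte header with checksum zeroed and options excluded, the data, and
    finally the key. Only the 16-byte result is transmitted, never the key."""
    tcp_len = len(tcp_header) + option_bytes + len(payload)
    pseudo = struct.pack("!4s4sBBH", IPv4Address(src_ip).packed,
                         IPv4Address(dst_ip).packed, 0, 6, tcp_len)
    header_no_csum = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + header_no_csum + payload + key).digest()


def md5_option(digest: bytes) -> bytes:
    return struct.pack("!BB", TCP_MD5_OPTION_KIND, TCP_MD5_OPTION_LEN) + digest


def sign_segment(src_ip: str, dst_ip: str, tcp_header: bytes, payload: bytes,
                 key: bytes) -> bytes:
    """Sender side: the MD5 option (kind 19) carrying the digest for this segment."""
    digest = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, TCP_MD5_OPTION_LEN, key)
    return md5_option(digest)


def verify_segment(src_ip: str, dst_ip: str, tcp_header: bytes, payload: bytes,
                   option: Optional[bytes], key: bytes) -> str:
    """Receiver side. Returns 'ok', 'No MD5 digest' (peer sent no option, i.e. the
    password is configured on only one router) or 'Invalid MD5 digest' (keys differ,
    or the segment was altered in transit)."""
    if option is None or len(option) != TCP_MD5_OPTION_LEN or option[0] != TCP_MD5_OPTION_KIND:
        return "No MD5 digest"
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, TCP_MD5_OPTION_LEN, key)
    # constant-time compare so timing does not reveal how many digest bytes matched
    return "ok" if hmac.compare_digest(option[2:], expected) else "Invalid MD5 digest"


def sample_segment():
    """Constructed BGP KEEPALIVE segment from 192.168.1.1 to 192.168.1.2 on port 179."""
    payload = b"\xff" * 16 + struct.pack("!HB", 19, 4)
    header = build_tcp_header(49152, BGP_PORT, 0x1000, 0x2000, 0x18, 16384, TCP_MD5_OPTION_LEN)
    return "192.168.1.1", "192.168.1.2", header, payload
```

Because the digest covers the addresses, ports, sequence numbers and payload, a segment injected by a third party without the key fails with the same "Invalid MD5 digest" result as a key mismatch; case sensitivity of the key falls out naturally, since `b"Secret"` and `b"secret"` hash differently.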

BGP Peer group


BGP neighbors are often configured w/ the same update policies
Neighbor routers can be grouped into peer groups to simplify configuration, make updating more
efficient and improve performance
- Updates generated only once per group
- Replicated for each member of group
- Useful if neighbors have same outbound policies
- Members of peer group inherit all configuration options of group
- Can configure individual router to override options if options affect inbound advertisements (but NOT
outbound advertisements)
Router mode commands
neighbor peer-group-name peer-group
- Use same name for all neighbor routers in group
neighbor ip-address peer-group peer-group-name
- Links address of neighbor router to specific peer group
- A neighbor can only be in one peer group
Topology: Router C in AS 65100 with routers A, B and D in the same AS at 192.168.24.1, 192.168.25.1 and 192.168.26.1 (192.168.27.1 also shown); Router C also connects to AS 65101
Example:
All routers running IBGP, using loopback as IP source address for all BGP packets, using own IP as next-hop address
Router C does not want to pass private addresses so has distribute list
access-list 20 deny 10.0.0.0 0.255.255.255
access-list 20 deny 172.16.0.0 0.15.255.255
access-list 20 deny 192.168.0.0 0.0.255.255
access-list 20 permit any

With peer group


Router C receives update from AS 65101
Creates single update, processes through distribute list, replicated to peer group

Router C w/o peer group
router bgp 65100
 neighbor 192.168.24.1 remote-as 65100
 neighbor 192.168.24.1 update-source lo0
 neighbor 192.168.24.1 next-hop-self
 neighbor 192.168.24.1 distribute-list 20 out
 neighbor 192.168.25.1 remote-as 65100
 neighbor 192.168.25.1 update-source lo0
 neighbor 192.168.25.1 next-hop-self
 neighbor 192.168.25.1 distribute-list 20 out
 neighbor 192.168.26.1 remote-as 65100
 neighbor 192.168.26.1 update-source lo0
 neighbor 192.168.26.1 next-hop-self
 neighbor 192.168.26.1 distribute-list 20 out

Router C w/ peer group
router bgp 65100
 neighbor internal peer-group
 neighbor internal remote-as 65100
 neighbor internal next-hop-self
 neighbor internal distribute-list 20 out
 neighbor 192.168.24.1 peer-group internal
 neighbor 192.168.25.1 peer-group internal
 neighbor 192.168.26.1 peer-group internal
