Contents

Introduction
eBGP and iBGP
Peers State
Establish iBGP Peers by using Loopback
eBGP Multihop
Password
Peer Group
Network Command
Next-hop-self
Synchronization
Route Reflector
Confederation
Best Path Selection
     1. Weight (Larger)
     2. Local Preference (Larger)
     3. AS Path (Shorter)
     4. Origin Type (Smaller i<e<?)
     5. MED (Smaller)
     6. eBGP vs iBGP
Community
Backdoor

Introduction

BGP stands for Border Gateway Protocol. BGP-4 (Version 4) is the latest version and the one most commonly used in networking nowadays. BGP is always used in large network infrastructures to exchange routing information between different ASes, such as route exchange between ISPs. Establishing peers between routers is complicated in BGP, and there are many attributes that influence the route results. To learn BGP well, we need to know how to tune these attributes.

eBGP and iBGP

When learning any Dynamic Routing Protocol, the first thing we need to know is how to form neighbors, which are called Peers in BGP. Peers use TCP Port 179 to communicate. There are two types of peering: internal BGP (iBGP) peering and external BGP (eBGP) peering.

If two routers form peers in the same AS, they are called iBGP Peers. If two routers form peers in different ASes, they are called eBGP Peers.

Let us try a basic BGP Peers configuration.

[Figure 1: network topology]

Here is the configuration of the routers in figure 1:

hostname R1
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
!
router bgp 65500
 neighbor 192.168.12.2 remote-as 65501

hostname R2
!
interface Ethernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.23.2 255.255.255.0
!
router bgp 65501
 neighbor 192.168.12.1 remote-as 65500
 neighbor 192.168.23.3 remote-as 65501

hostname R3
!
interface Ethernet0/1
 ip address 192.168.23.3 255.255.255.0
!
router bgp 65501
 neighbor 192.168.23.2 remote-as 65501

To verify that the Peers are established successfully, we can use the show ip bgp summary command.

R2#show ip bgp summary
BGP router identifier 192.168.23.2, local AS number 65501
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.12.1    4 65500      21      21        1    0    0 00:18:57        0
192.168.23.3    4 65501      19      19        1    0    0 00:16:27        0

The meaning of each field is as follows:

Neighbor

The IP address of the peer router.

V

The BGP Version. As we said before, Version 4 is commonly used nowadays.

AS

The AS number of the peer router. If the AS number is the same as the value shown above (local AS number), it means that iBGP is established. Otherwise, eBGP is established.

MsgRcvd and MsgSent

MsgRcvd is the number of packets that have been received from the Peer. MsgSent is the number that the router has sent out. By default, a BGP router sends a keepalive message every minute (default keepalive timer = 60 seconds). So, in normal operation, these two numbers keep increasing.

TblVer

The most up-to-date BGP Database revision number. We will discuss it later.

InQ

The number of BGP messages that have been received but not yet handled. If this number is large, it means that many messages are queued waiting to be handled due to CPU exhaustion.

OutQ

The number of BGP messages that are waiting to be sent out. If this number is large, exhaustion of CPU resources or bandwidth may be the cause.

Up / Down

The up time or down time of this connection.

State / PfxRcd

The number of BGP routes received from the Peer. If it shows a number (even zero), congratulations! The Peers are established. If it shows Active, it means that the Peer is not established.
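The field meanings above can be turned into a monitoring check. The following Python sketch is an added example, not part of the original article: it parses show ip bgp summary output, classifies each peer as iBGP or eBGP, and reports peers that are not established or have queued messages. The 192.168.24.4 row and the QUEUE_LIMIT threshold are assumptions made for illustration.

```python
import re

# Constructed sample: the header and the two established peers are the R2
# output shown above; the 192.168.24.4 row is made up to show a failed peer.
SAMPLE = """\
BGP router identifier 192.168.23.2, local AS number 65501
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.12.1    4 65500      21      21        1    0    0 00:18:57        0
192.168.23.3    4 65501      19      19        1    0    0 00:16:27        0
192.168.24.4    4 65501      12      20        0    0    0 00:00:06 Active
"""

QUEUE_LIMIT = 10  # assumed alert threshold for InQ/OutQ, tune per device


def parse_summary(text):
    """Return (local_as, peers) parsed from 'show ip bgp summary' output."""
    match = re.search(r"local AS number (\d+)", text)
    if match is None:
        raise ValueError("no 'local AS number' line found")
    local_as = int(match.group(1))

    peers = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True            # peer rows follow the column header
            continue
        fields = line.split()
        if not in_table or len(fields) < 10:
            continue
        state = " ".join(fields[9:])   # keeps states such as "Idle (Admin)"
        established = state.isdigit()  # a number (even 0) means Established
        peers.append({
            "neighbor": fields[0],
            "remote_as": int(fields[2]),
            # Same AS as the local router means iBGP, otherwise eBGP.
            "type": "iBGP" if int(fields[2]) == local_as else "eBGP",
            "in_q": int(fields[6]),
            "out_q": int(fields[7]),
            "established": established,
            "prefixes": int(state) if established else None,
            "state": "Established" if established else state,
        })
    return local_as, peers


def findings(text):
    """List (neighbor, problem) pairs worth an operator's attention."""
    _, peers = parse_summary(text)
    problems = []
    for peer in peers:
        if not peer["established"]:
            problems.append((peer["neighbor"],
                             "session not established (state %s)" % peer["state"]))
        if peer["in_q"] > QUEUE_LIMIT or peer["out_q"] > QUEUE_LIMIT:
            problems.append((peer["neighbor"],
                             "messages queued: InQ=%d OutQ=%d"
                             % (peer["in_q"], peer["out_q"])))
    return problems


if __name__ == "__main__":
    for neighbor, problem in findings(SAMPLE):
        print(neighbor, problem)
```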

Peers State

BGP Peers become Established if everything is all right. Actually, Peers go through different states before reaching the Established state. Understanding the details of these states helps when troubleshooting.

The 6 different states are:

IDLE

The router is looking in the routing table for a route to reach the neighbor. (But it never uses the default route.)

CONNECT

The neighbor is reached and the TCP 3-way handshake is completed.

OPEN SENT

An OPEN packet is sent to ask to form Peers.

OPEN CONFIRM

An acknowledgement agreeing to form Peers is received.

ESTABLISHED

The two neighbors form Peers successfully.

ACTIVE

It is a State that we never want to see. It means that the router is still sending packets actively but does not receive a reply from others. In other words, Peers are not established.

To monitor the State changes, we can use debug ip bgp, and then clear ip bgp * to force the BGP Peers to be established again.

R3#debug ip bgp
BGP debugging is on for address family: IPv4 Unicast
R3#clear ip bgp *
R3#
*Mar  1 02:11:24.015: BGPNSF state: 192.168.23.2 went from nsf_not_active to nsf_not_active
*Mar  1 02:11:24.019: BGP: 192.168.23.2 went from Established to Idle
*Mar  1 02:11:24.019: %BGP-5-ADJCHANGE: neighbor 192.168.23.2 Down User reset
*Mar  1 02:11:24.023: BGP: 192.168.23.2 closing
*Mar  1 02:11:24.027: BGP: 192.168.23.2 went from Idle to Active
*Mar  1 02:11:24.039: BGP: 192.168.23.2 open active, local address 192.168.23.3
*Mar  1 02:11:24.111: BGP: 192.168.23.2 went from Active to OpenSent
*Mar  1 02:11:24.111: BGP: 192.168.23.2 sending OPEN, version 4, my as: 65501, holdtime 180 seconds
*Mar  1 02:11:24.111: BGP: 192.168.23.2 send message type 1, length (incl. header) 45
*Mar  1 02:11:24.167: BGP: 192.168.23.2 rcv message type 1, length (excl. header) 26
*Mar  1 02:11:24.167: BGP: 192.168.23.2 rcv OPEN, version 4, holdtime 180 seconds
*Mar  1 02:11:24.167: BGP: 192.168.23.2 rcv OPEN w/ OPTION parameter len: 16
*Mar  1 02:11:24.167: BGP: 192.168.23.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Mar  1 02:11:24.167: BGP: 192.168.23.2 OPEN has CAPABILITY code: 1, length 4
*Mar  1 02:11:24.167: BGP: 192.168.23.2 OPEN has MP_EXT CAP for afi/safi: 1/1
*Mar  1 02:11:24.167: BGP: 192.168.23.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar  1 02:11:24.167: BGP: 192.168.23.2 OPEN has CAPABILITY code: 128, length 0
*Mar  1 02:11:24.167: BGP: 192.168.23.2 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Mar  1 02:11:24.167: BGP: 192.168.23.2 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
*Mar  1 02:11:24.167: BGP: 192.168.23.2 OPEN has CAPABILITY code: 2, length 0
*Mar  1 02:11:24.167: BGP: 192.168.23.2 OPEN has ROUTE-REFRESH capability(new) for all address-families
BGP: 192.168.23.2 rcvd OPEN w/ remote AS 65501
*Mar  1 02:11:24.167: BGP: 192.168.23.2 went from OpenSent to OpenConfirm
*Mar  1 02:11:24.167: BGP: 192.168.23.2 went from OpenConfirm to Established
*Mar  1 02:11:24.167: %BGP-5-ADJCHANGE: neighbor 192.168.23.2 Up

Establish iBGP Peers by using Loopback

An IGP such as OSPF or EIGRP is always used for exchanging route information within an AS. In this situation, it is recommended to use a Loopback interface for iBGP neighbors, since a Loopback is always UP. It is also more flexible, because the neighbors can use the IGP to reach the Loopback over backup paths even when the preferred path is down. This increases stability, since the BGP table is not affected when an interface goes down. Please see the following example.

[Figure 2: network topology]

In figure 2, assume R2, R3 and R4 are running OSPF. If the iBGP connection between R2 and R3 uses the R3 e0/1 interface IP, the iBGP connection will be broken when R3 e0/1 goes down. Let's try.

hostname R2
!
interface Ethernet0/1
 ip address 192.168.23.2 255.255.255.0
!
interface Ethernet0/2
 ip address 192.168.24.2 255.255.255.0
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 65501
 neighbor 192.168.23.3 remote-as 65501

hostname R3
!
interface Ethernet0/1
 ip address 192.168.23.3 255.255.255.0
!
interface Ethernet0/2
 ip address 192.168.34.3 255.255.255.0
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 65501
 neighbor 192.168.23.2 remote-as 65501

hostname R4
!
interface Ethernet0/0
 ip address 192.168.24.4 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.34.4 255.255.255.0
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

R3 and R2 should establish iBGP Peers:

R3#show ip bgp summary
BGP router identifier 192.168.23.3, local AS number 65501
BGP table version is 1, main routing table version 1


Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.23.2    4 65501      11      15        1    0    0 00:05:22        0

But if we shut down R3 e0/1, the iBGP connection breaks. After 3 minutes, the status becomes Active, because the default holdtime of BGP is 180 seconds. That means the state changes to Active if the connection cannot be resumed within 180 seconds.

R3#show ip bgp summary
BGP router identifier 192.168.23.3, local AS number 65501
BGP table version is 1, main routing table version 1


Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.23.2    4 65501      12      20        0    0    0 00:00:06 Active

That is the problem with using the interface IP. Now, we try to make the connection by using the Loopback IPs of R2 and R3. Here are the steps.

  1. First, configure a Loopback interface and IP address on R2 and R3.
  2. Then, change the neighbor addresses in the bgp configuration to the Loopback addresses.
  3. Finally, add the neighbor <ip> update-source <interface> command.

hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
router bgp 65501
 neighbor 3.3.3.3 remote-as 65501
 neighbor 3.3.3.3 update-source Loopback0

hostname R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
router bgp 65501
 neighbor 2.2.2.2 remote-as 65501
 neighbor 2.2.2.2 update-source Loopback0

Now, even if we shut down R3 e0/1, the iBGP connection is still established, because R2 and R3 use their Loopback addresses to reach each other over the R2-R4-R3 path, and that path is provided by OSPF. We can also see that the Neighbor IP becomes the Loopback IP in the show ip bgp summary output.

R3#sh ip bgp summary
BGP router identifier 192.168.23.3, local AS number 65501
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4 65501      13      13        1    0    0 00:09:12        0

Pay attention! We use Loopback for iBGP connections only. We seldom use it in eBGP since we do not use an IGP to connect two different ASes.

eBGP Multihop

Sometimes, other devices sit between two BGP neighbors so that the two neighbors cannot be connected directly. For example, a firewall is placed in the middle of the connection for security reasons. In this case, we need the ebgp-multihop command. Please see the following example.

[Figure 3: network topology]

In figure 3, after configuring the IP addresses on R1 and R2, we add a static route on both routers pointing to the Firewall. A router simulates the firewall between R1 and R2.

hostname R1
!
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
!
router bgp 65500
 neighbor 10.2.2.1 remote-as 65501
!
ip route 10.2.2.0 255.255.255.0 Ethernet0/0

hostname R2
!
interface Ethernet0/1
 ip address 10.2.2.1 255.255.255.0
!
router bgp 65501
 neighbor 10.1.1.1 remote-as 65500
!
ip route 10.1.1.0 255.255.255.0 Ethernet0/1

hostname Firewall
!
interface Ethernet0/0
 ip address 10.1.1.2 255.255.255.0
!
interface Ethernet0/1
 ip address 10.2.2.2 255.255.255.0

Even though R1 can ping R2 (10.2.2.1), the BGP Peer is not established.

R1#ping 10.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/50/72 ms

R1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65500
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.2.2.1        4 65501      31      32        0    0    0 00:02:05 Idle

Add the command neighbor <ip> ebgp-multihop <max hop count> to the BGP configuration on both routers. Hop means the number of devices between the two routers. The problem is solved after the command is added.

R1(config-router)#neighbor 10.2.2.1 ebgp-multihop 2
R2(config-router)#neighbor 10.1.1.1 ebgp-multihop 2
*Mar  1 00:48:31.035: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up

Password

We may add a password to authenticate the Peer Routers.

router bgp 65000
 neighbor 2.2.2.2 remote-as 65000
 neighbor 2.2.2.2 password cisco

Authentication is in place once the password command has been added on both routers.

Peer Group

Peer Group is used to simplify the BGP configuration when several neighbors share identical configuration.

router bgp 65000
 neighbor 2.2.2.2 remote-as 65000
 neighbor 2.2.2.2 password cisco
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 3.3.3.3 remote-as 65000
 neighbor 3.3.3.3 password cisco
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 4.4.4.4 remote-as 65000
 neighbor 4.4.4.4 password cisco
 neighbor 4.4.4.4 update-source Loopback0

If we use Peer Group, the configuration becomes:

router bgp 65000
 ! iBGPNei is the name of the Peer Group
 neighbor iBGPNei peer-group
 ! Peer Group settings
 neighbor iBGPNei remote-as 65000
 neighbor iBGPNei password cisco
 neighbor iBGPNei update-source Loopback0
 ! Put 2.2.2.2, 3.3.3.3 and 4.4.4.4 into the Peer Group
 neighbor 2.2.2.2 peer-group iBGPNei
 neighbor 3.3.3.3 peer-group iBGPNei
 neighbor 4.4.4.4 peer-group iBGPNei
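Because a peer group hides per-neighbor settings, it is easy to lose track of which sessions actually have a password. The following Python sketch is an added example, not part of the original article: it audits a router bgp section and resolves peer-group inheritance to report neighbors without session authentication. The 192.168.17.7 neighbor in the sample is a constructed addition, and only the keywords shown on this page are handled.

```python
import ipaddress

# Constructed sample: the peer-group configuration shown above plus one
# made-up eBGP neighbor (192.168.17.7) that has no password configured.
SAMPLE_CONFIG = """\
router bgp 65000
 neighbor iBGPNei peer-group
 neighbor iBGPNei remote-as 65000
 neighbor iBGPNei password cisco
 neighbor iBGPNei update-source Loopback0
 neighbor 2.2.2.2 peer-group iBGPNei
 neighbor 3.3.3.3 peer-group iBGPNei
 neighbor 4.4.4.4 peer-group iBGPNei
 neighbor 192.168.17.7 remote-as 65100
"""


def is_ip(token):
    """True for a neighbor address, False for a peer-group name."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_bgp(config):
    """Return (local_as, settings, member_of) from a 'router bgp' section."""
    local_as = None
    settings = {}    # neighbor IP or group name -> {keyword: arguments}
    member_of = {}   # neighbor IP -> peer-group name
    for raw in config.splitlines():
        words = raw.split()
        if len(words) == 3 and words[:2] == ["router", "bgp"]:
            local_as = int(words[2])
            continue
        if len(words) < 3 or words[0] != "neighbor":
            continue
        target, keyword, args = words[1], words[2], words[3:]
        settings.setdefault(target, {})
        if keyword == "peer-group":
            if args:                      # "neighbor <ip> peer-group <name>"
                member_of[target] = args[0]
            continue                      # bare form only defines the group
        settings[target][keyword] = " ".join(args)
    return local_as, settings, member_of


def audit_auth(config):
    """Report, per neighbor, whether a password applies and where it is set."""
    local_as, settings, member_of = parse_bgp(config)
    report = []
    for target, own in settings.items():
        if not is_ip(target):
            continue                      # group definitions are not sessions
        group = member_of.get(target)
        inherited = settings.get(group, {})
        effective = {**inherited, **own}  # neighbor settings override group
        if "password" in own:
            source = "neighbor"
        elif "password" in inherited:
            source = "peer-group " + group
        else:
            source = None
        remote_as = effective.get("remote-as", "")
        if not remote_as.isdigit():
            kind = "unknown"
        elif int(remote_as) == local_as:
            kind = "iBGP"
        else:
            kind = "eBGP"
        # The password itself is never copied into the report.
        report.append({"neighbor": target, "type": kind,
                       "authenticated": source is not None, "source": source})
    return report


def unauthenticated(config):
    return [r["neighbor"] for r in audit_auth(config) if not r["authenticated"]]


if __name__ == "__main__":
    for row in audit_auth(SAMPLE_CONFIG):
        print(row)
```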

Network Command

After we know how to configure the Peers, we can move on to route information exchange. The Network command is a good starting point. Please note that the Network command is different from the one we use in OSPF and EIGRP. In BGP, the Network command announces a network segment to neighbors but does not make any interface participate in BGP, since the Neighbor command has already determined which interfaces join BGP and the Peers are already established. The Network command only needs to handle the network segment announcement. Please remember the following point:

To announce a network segment, the route table of the router must contain this network segment.

Please see the following example.

[Figure: network topology]

Assume all IP and Neighbor configuration is done. We now add a Loopback on R1 and try to announce this network segment.

hostname R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
router bgp 65100
 network 1.1.1.0 mask 255.255.255.0

Use show ip route at R1 to confirm 1.1.1.0/24 is in the Routing table.

R1#show ip route

<Output Omitted>

C    192.168.12.0/24 is directly connected, Ethernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0

Then, use show ip bgp and we can see 1.1.1.0/24 is already in the BGP Table.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i

Let us check on R2 with show ip bgp: 1.1.1.0/24 is received! And by using show ip route we can see that it has been added to the Route Table successfully!

R2#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.12.1             0             0 65100 i

R2#show ip route

<Output Omitted>

C    192.168.12.0/24 is directly connected, Ethernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [20/0] via 192.168.12.1, 00:08:35
C    192.168.23.0/24 is directly connected, Ethernet0/1

How about R3?

R3#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.23.2                           0 65200 65100 i

R3#show ip route

<Output Omitted>

     1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [20/0] via 192.168.23.2, 00:16:04
C    192.168.23.0/24 is directly connected, Ethernet0/1

The BGP route exchange is done using only one Network command. I will explain the meanings of the fields that we saw in show ip bgp.

Network

Network ID and Prefix Length of the network segment.

Next Hop

The Next Hop IP address for reaching this network segment. If it shows 0.0.0.0, it means that the network segment is announced by the router itself. To add this network segment to the Route Table, the Next Hop IP must be reachable. We will discuss it later.

Metric

An attribute for best path decision. We will discuss it later.

LocPrf

An attribute for best path decision. We will discuss it later.

Weight

It is also an attribute for best path decision. Only Cisco routers have this attribute. If the route is generated by the Network command on this router, the default value of weight is 32768.

Path

The path to reach the network segment. If the network segment is in the local AS, it is shown blank. It is blank, not i! i belongs to another field called Origin, which we will discuss next.

Origin

No field name is displayed in the table for Origin. The value of Origin comes after the AS Path. It is one of the following values: i, e or ?

  • i - The origin of this route is IGP or the Network command.
  • e - The origin of this route is EGP, but EGP has not been used for a long time, so we can ignore it.
  • ? - The route is obtained by redistribution.

Origin is also used for best path decision. We will discuss it later.

Next-hop-self Command

Let us look at another example.

[Figure: network topology]

R1 connects to R2 using eBGP, R2 connects to R3 using iBGP, and R3 and R4 connect using eBGP. Assume IPs and Peers are already configured. We add a Loopback interface on R1 and announce it by using the Network command. Check the BGP database on R2: the symbol ">" tells us that BGP uses Next Hop IP 192.168.12.1 to reach 1.1.1.0/24. And the Route Table looks good.

R2#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.12.1             0             0 65100 i

R2#show ip route

<Output Omitted>

C    192.168.12.0/24 is directly connected, Ethernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [20/0] via 192.168.12.1, 00:07:37
C    192.168.23.0/24 is directly connected, Ethernet0/1

Check the BGP Table on R3. Oops! No best path. Also, the route 1.1.1.0 is not added to the Route Table. Why?

R3#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
* i1.1.1.0/24       192.168.12.1             0    100      0 65100 i

R3#show ip route

<Output Omitted>

C    192.168.12.0/24 is directly connected, Ethernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
C    192.168.23.0/24 is directly connected, Ethernet0/1

Do you remember what we said about the Next Hop field in the previous section? To add a route to the route table, the Next Hop IP must be reachable. For R3, there is no 192.168.12.1 in the route table. So, R3 will not add the route with Next Hop IP 192.168.12.1 to the Route Table. But why is the Next Hop IP 192.168.12.1 instead of 192.168.23.2? Because when BGP announces a route to a neighbor over iBGP, the Next Hop IP is not changed. How do we solve this issue? We have two methods.

First method: add a Static Route (or use IGP) to teach R3 how to reach 192.168.12.1. After doing this, the BGP Route is added to the Route Table.

R3(config)#ip route 192.168.12.1 255.255.255.255 ethernet 0/1
R3(config)#do sh ip route

<Output Omitted>

     192.168.12.0/32 is subnetted, 1 subnets
S       192.168.12.1 is directly connected, Ethernet0/1
     1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [200/0] via 192.168.12.1, 00:00:04
C    192.168.23.0/24 is directly connected, Ethernet0/1
C    192.168.34.0/24 is directly connected, Ethernet0/0

Method 2: use the Next-hop-self command to force R2 to change the Next Hop IP to its own interface IP when it announces the route to R3. Add neighbor <IP> next-hop-self to the BGP configuration to make it perfect.

router bgp 65200
 neighbor 192.168.12.1 remote-as 65100
 neighbor 192.168.23.3 remote-as 65200
 neighbor 192.168.23.3 next-hop-self

Now, if we check the R3 BGP Table, the Next Hop becomes 192.168.23.2. The symbol ">" shows that BGP accepts this route as the Best Path. Also, we can see the route in the Route Table.

R3#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.1.0/24       192.168.23.2             0    100      0 65100 i

R3#show ip route

<Output Omitted>

     1.0.0.0/24 is subnetted, 1 subnets
B       1.1.1.0 [200/0] via 192.168.23.2, 00:02:47
C    192.168.23.0/24 is directly connected, Ethernet0/1
C    192.168.34.0/24 is directly connected, Ethernet0/0

Synchronization

In some situations, two or more routers form iBGP Peers. In figure 6, R2 and R5 form iBGP Peers in AS65200. A route in AS65100 is announced to AS65300 through AS65200. In such a design, synchronization must be met to announce the route successfully. When a BGP route arrives at R5, R5 checks whether the route is synchronized.

Synchronization says that a route received by iBGP must have a matching IGP route to the same destination.

e.g. AS65100 announces 1.1.1.0/24 to R2. R2 receives it and announces it to R5. R5 checks its Route Table first; if it finds an IGP route for 1.1.1.0/24 in the Route Table, then the route is synchronized.

[Figure 6: network topology]

For the topology in figure 6, let us check the configuration of R2 and R5.

hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
router ospf 1
 network 2.2.2.0 0.0.0.255 area 0
 network 192.168.23.0 0.0.0.255 area 0
 network 192.168.24.0 0.0.0.255 area 0
!
router bgp 65200
 neighbor 5.5.5.5 remote-as 65200
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 5.5.5.5 next-hop-self
 neighbor 192.168.12.1 remote-as 65100

hostname R5
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
!
router ospf 1
 network 5.5.5.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
 network 192.168.45.0 0.0.0.255 area 0
!
router bgp 65200
 neighbor 2.2.2.2 remote-as 65200
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 192.168.56.6 remote-as 65300

We can confirm that R2 has received 1.1.1.0/24:

R2#show ip bgp 
<Output Omitted>
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.12.1             0             0 65100 i

R5 receives the route but it is not marked with ">", so R5 will not announce it:

R5#show ip bgp 
<Output Omitted>
   Network          Next Hop            Metric LocPrf Weight Path
* i1.1.1.0/24       2.2.2.2                  0    100      0 65100 i

It is because R5 does not know 1.1.1.0/24 by IGP.

R5#show ip route

<--Output Omitted-->

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/21] via 192.168.45.4, 00:37:38, Ethernet0/1
                [110/21] via 192.168.35.3, 00:37:38, Ethernet0/0
C    192.168.45.0/24 is directly connected, Ethernet0/1
O    192.168.24.0/24 [110/20] via 192.168.45.4, 00:37:38, Ethernet0/1
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback0
C    192.168.56.0/24 is directly connected, Ethernet0/2
O    192.168.23.0/24 [110/20] via 192.168.35.3, 00:37:38, Ethernet0/0
C    192.168.35.0/24 is directly connected, Ethernet0/0

So, we see nothing on R6.

R6#show ip bgp

R6#

There are two methods to solve the problem. The first method is to synchronize the IGP (OSPF) by using BGP Route Redistribution.

R2(config)#router ospf 1
R2(config-router)#redistribute bgp 65200 subnets

R5 has the best path now. ("r" means RIB failure. Don't worry: the Route Table marks the route "r" because iBGP's AD (200) is larger than that of OSPF (110), so the Route Table will not use this route, but this does not cause any trouble for BGP route announcement.)

R5#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
r>i1.1.1.0/24       2.2.2.2                  0    100      0 65100 i

R6 can receive BGP Route now.

R6#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.56.5                           0 65200 65100 i

Then, what is the second method? Easy! Just turn off Synchronization. Use the no synchronization command to stop it. Please note that synchronization is turned off by default in some IOS versions.

R2(config)#router bgp 65200
R2(config-router)#no synchronization
R5(config)#router bgp 65200
R5(config-router)#no synchronization

Route Reflector

Let us discuss figure 6 again. So, can we use iBGP instead of OSPF? Yes! But there is another BGP rule:

A route learned from an iBGP Peer is NOT announced to other iBGP Peers.

If we use iBGP in AS65200, R2 receives 1.1.1.0/24 from R1 and announces it to R3. But R3 and R4 will not announce the BGP Route to R5. We can solve the problem by adding iBGP Peers between R2 and R5. We should do this for every pair of routers in AS65200 so that a Full Mesh iBGP relationship is formed. But the number of Full Mesh connections increases rapidly as the number of routers increases. An alternative solution is to use the neighbor <ip> route-reflector-client command to enable Route Reflector. Route Reflector allows a BGP Router to announce routes learned from iBGP Peers. Example:

hostname R3
!
router bgp 65200
 neighbor 192.168.23.2 remote-as 65200
 neighbor 192.168.23.2 route-reflector-client
 neighbor 192.168.35.5 remote-as 65200
!

Confederation

If there are a lot of BGP Routers in an AS, Route Reflector becomes complicated and is not a good solution. We can use Confederation in this case. Confederation divides an AS into small Sub-ASes, and only a Sub-AS needs to be Full Mesh connected. The Sub-ASes are transparent to other ASes. In the following example, AS65000 is divided into Sub-AS 10 and 20. R7 in AS65100 forms eBGP Peers with R1 in AS65000 (not AS10). On the other hand, R6 in AS65200 forms eBGP Peers with R5 in AS65000 (not AS20).

[Figure: network topology]

Let us check the BGP configuration of R1. Just add the following two commands,

  • bgp confederation identifier <AS Number> - Declares the parent AS
  • bgp confederation peers <AS Number> - Adjacent Sub-AS

hostname R1
!
router bgp 10
 bgp confederation identifier 65000
 bgp confederation peers 20
 neighbor 192.168.12.2 remote-as 10
 neighbor 192.168.13.3 remote-as 10
 neighbor 192.168.14.4 remote-as 20
 neighbor 192.168.17.7 remote-as 65100

Assume BGP Peers have been configured on all routers. We try to announce 6.6.6.0/24 on R6 by using the Network command. The R7 BGP Table shows that AS10 and AS20 are not included in the AS Path.

R7#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 6.6.6.0/24       192.168.17.1                           0 65000 65200 i

Best Path Selection

Let us talk about the main course of BGP, that is, BGP Best Path Selection. When a router receives more than one route to the same destination, Best Path Selection is needed. BGP chooses only the best one by comparing different Attributes.

1. Weight (Larger)

The first attribute to compare is Weight. Weight is a local value assigned to a neighbor router. A route that comes from the router with the larger weight is preferred. Only Cisco routers have the Weight attribute. Please see the example below. Assume IP addresses and BGP Peers are configured; R1 connects to R2 using iBGP Peers, and it connects to R3 in the same way. The Next-hop-self command is also used. R1 has been configured as a Route Reflector. Now, R6 uses the network command to announce 6.6.6.0/24.

[Figure: network topology]

From the BGP Table of R1, we find that R1 chooses 192.168.12.2 as the Best Path while the weights of both routes are 0 (the default). Since the weights are equal, BGP uses another method to decide the best path.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
* i6.6.6.0/24       192.168.13.3             0    100      0 65100 65300 i
*>i                 192.168.12.2             0    100      0 65200 65300 i

Different methods can be used to modify the Weight attribute. The easiest way is to use the neighbor <ip> weight <default weight> command on R1. Then, use clear ip bgp * to reset all Peers and see what happens:

R1(config)#router bgp 65000
R1(config-router)#neighbor 192.168.13.3 weight 1000
R1(config-router)#end

R1#
*Mar  1 00:21:19.123: %SYS-5-CONFIG_I: Configured from console by console
R1#clear ip bgp *
R1#
*Mar  1 00:24:05.375: %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Down User reset
*Mar  1 00:24:05.379: %BGP-5-ADJCHANGE: neighbor 192.168.13.3 Down User reset
*Mar  1 00:24:06.079: %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Up
R1#
*Mar  1 00:24:06.587: %BGP-5-ADJCHANGE: neighbor 192.168.13.3 Up

Now, use show ip bgp again, the Weight attribute of 192.168.13.3 has been changed to 1000. It is also chosen as best path since 1000 is a larger weight. Only this route will be announced to other peers by R1.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
* i6.6.6.0/24       192.168.12.2             0    100      0 65200 65300 i
*>i                 192.168.13.3             0    100   1000 65100 65300 i

Weight is only a Local Attribute, which means that the value will NOT be announced to other routers. If you check the BGP Table at R2, all the weight attributes are 0.

R2#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
* i6.6.6.0/24       192.168.13.3             0    100      0 65100 65300 i
*>                  192.168.24.4                           0 65200 65300 i

2. Local Preference (Larger)

If the Weights are equal and the Best Path is not decided by Weight, BGP will use Local Preference. The route with the larger Local Preference becomes the exit to the destination for the whole AS. Now, we first set the weights of the two routes to the same value.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*>i6.6.6.0/24       192.168.12.2             0    100   1000 65200 65300 i
* i                 192.168.13.3             0    100   1000 65100 65300 i

The first route becomes the Best Path again. But why is the Local Preference 100 before we configure it? Because the default value is 100 if the route is announced by iBGP Peers. Now, we try to change the Local Preference of 6.6.6.0/24 to 500 by using a Route Map.

R3(config)#router bgp 65000
R3(config-router)#neighbor 192.168.35.5 route-map TuningLocPrf in
R3(config-router)#exit
R3(config)#ip access-list extended RouteMatch
R3(config-ext-nacl)#permit ip 6.6.6.0 0.0.0.255 any
R3(config-ext-nacl)#route-map TuningLocPrf permit 10
R3(config-route-map)#match ip address RouteMatch
R3(config-route-map)#set local-preference 500
R3(config-route-map)#end
R3#clear ip bgp *

The Local Preference value is announced to other iBGP Peers in the same AS. Take a look at the BGP Table of R1: the Local Preference becomes 500, thus the route is the best path.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*>i6.6.6.0/24       192.168.13.3             0    500   1000 65100 65300 i
* i                 192.168.12.2             0    100   1000 65200 65300 i

3. AS Path (Shortest)

AS Path is the list of ASes that must be traversed to reach the destination. BGP considers the shortest to be the best. So, if BGP cannot decide the best path by using Weight and Local Preference, the route with the shortest AS Path will be the best path. Now, we first set the Weight and Local Preference to the same values.

R1#sh ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*>i6.6.6.0/24       192.168.12.2             0    500   1000 65200 65300 i
* i                 192.168.13.3             0    500   1000 65100 65300 i

As you see, the first route becomes the best path. If we extend the AS Path of the first route, the second one becomes the best path. So, how do we modify the AS Path without changing the network topology? We can Prepend by using a Route Map. Prepend can add some AS Numbers to the AS Path that is received from eBGP Peers (but not iBGP Peers). Let us try to extend the AS Path of the first route on R4.

R4(config)#router bgp 65200
R4(config-router)#neighbor 192.168.24.2 route-map TuningAsPath out
R4(config-router)#exit
R4(config)#ip prefix-list MatchNetwork seq 5 permit 6.6.6.0/24
R4(config)#route-map TuningAsPath
R4(config-route-map)#match ip address prefix-list MatchNetwork
R4(config-route-map)#set as-path prepend 65200
R4(config-route-map)#end
R4#clear ip bgp *

Why 65200? Our goal is only to lengthen the AS Path, and we do not care which AS is added. However, to prevent a routing loop, we use the AS Number that already appears in the first position of the AS Path, that is, 65200. Now, look at the BGP Table of R1: the second route becomes the best path because its AS Path is shorter.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
* i6.6.6.0/24       192.168.12.2             0    500   1000 65200 65200 65300 i
*>i                 192.168.13.3             0    500   1000 65100 65300 i
R1#

4. Origin Type (Smaller)

We have talked about the three values of Origin: i, e and ?. e is seldom used nowadays, so we just need to learn i and ?. i means that the route comes from an IGP or from the Network command. ? means that the route comes from redistribution. In order to test this attribute, we modify the AS Paths to have the same length.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*>i6.6.6.0/24       192.168.12.2             0    500   1000 65200 65300 i
* i                 192.168.13.3             0    500   1000 65100 65300 i

Try to change the Origin value of the first path to ?. How? We may add a static route pointing to 6.6.6.0/24 on R4, then redistribute it into BGP.

R4(config)#ip route 6.6.6.0 255.255.255.0 null 0
R4(config)#router bgp 65200
R4(config-router)#redistribute static

Back on R1, check the BGP Table. The Origin becomes ?, but the AS Path has also been changed by the configuration on R4, so we must prepend the AS Path to make sure that the two AS Paths have the same length. We already talked about AS Path Prepend in the last section.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*>i6.6.6.0/24       192.168.12.2             0    500   1000 65200 ?
* i                 192.168.13.3             0    500   1000 65100 65300 i

After prepending, the two routes have the same AS Path length, and BGP chooses the route with Origin i as the best path.

   Network          Next Hop            Metric LocPrf Weight Path
* i6.6.6.0/24       192.168.12.2             0    500   1000 65200 65200 ? 
*>i                 192.168.13.3             0    500   1000 65100 65300 i

5. MED (Smaller)

This is not the end of the story. If the Origin values are the same, BGP will compare the MED (Metric). MED is similar to the Metric in an IGP, and it can be transmitted to another AS. The route with the smaller MED will be the best path. However, the MED is only compared if the first AS Numbers in the AS Paths are the same. To do the test, we change AS65200 to AS65100 in figure 7.

[Figure: BGP topology]

Also, we set the Weight, LocPrf, AS Path and Origin to the same values. Now the first path is chosen as the best path. If we increase its MED, it should lose.

R1#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*>i6.6.6.0/24       192.168.12.2             0    500   1000 65100 65300 i
* i                 192.168.13.3             0    500   1000 65100 65300 i

Try to increase MED to 100 by using Route Map at R4. Will the best path change?

R4(config)#router bgp 65100
R4(config-router)#neighbor 192.168.24.2 route-map TuningMetric out
R4(config-router)#exit
R4(config)#ip prefix-list MatchNetwork seq 5 permit 6.6.6.0/24
R4(config)#route-map TuningMetric permit 10
R4(config-route-map)#match ip address prefix-list MatchNetwork
R4(config-route-map)#set metric 100
R4(config-route-map)#end
R4#clear ip bgp *

Since the MED of the second route is smaller, it becomes the best path. Note that the MED seen on R2 and R3 has also changed, since MED is announced to the whole AS.

R1#sh ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
* i6.6.6.0/24       192.168.12.2           100    500   1000 65100 65300 i
*>i                 192.168.13.3             0    500   1000 65100 65300 i
R2#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 6.6.6.0/24       192.168.24.4           100    500      0 65100 65300 i
* i                 192.168.13.3             0    500      0 65100 65300 i
R3#show ip bgp

<Output Omitted>

   Network          Next Hop            Metric LocPrf Weight Path
*> 6.6.6.0/24       192.168.35.5                           0 65100 65300 i
* i                 192.168.12.2           100    500      0 65100 65300 i

6. eBGP vs iBGP

If all of the above attributes are the same, BGP will prefer the route received from eBGP.

These are only the commonly used parts of the BGP path selection mechanism. You may visit here for more information about best path selection.
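The six comparisons in this section can be replayed over R1's two paths to 6.6.6.0/24. This is an added Python example, not router code and not part of the original article; the Path class and function names are illustrative, and tie-breakers after step 6 are not modelled.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # smaller wins: i < e < ?

@dataclass(frozen=True)
class Path:
    next_hop: str
    med: int            # "Metric" column
    local_pref: int
    weight: int
    as_path: tuple      # "Path" column, neighbouring AS first
    origin: str         # "i", "e" or "?"
    ebgp: bool = False  # False: learned from an iBGP peer ("i" flag in the table)

SIMPLE_STEPS = [  # steps 1-4 as (name, key); the smaller key wins
    ("weight", lambda p: -p.weight),
    ("local-preference", lambda p: -p.local_pref),
    ("as-path", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
]

def compare(a, b):
    """Return (winner, deciding step) using only the six steps on this page."""
    for name, key in SIMPLE_STEPS:
        if key(a) != key(b):
            return (a if key(a) < key(b) else b), name
    # Step 5: MED is compared only when both paths start with the same AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    if a.ebgp != b.ebgp:  # step 6: prefer the path learned over eBGP
        return (a if a.ebgp else b), "ebgp-over-ibgp"
    return a, "tie"  # later tie-breakers are outside this page

# R1's two paths to 6.6.6.0/24, copied from the "show ip bgp" output of each step.
R1_TABLES = {
    "local-preference": (Path("192.168.13.3", 0, 500, 1000, (65100, 65300), "i"),
                         Path("192.168.12.2", 0, 100, 1000, (65200, 65300), "i")),
    "as-path": (Path("192.168.12.2", 0, 500, 1000, (65200, 65200, 65300), "i"),
                Path("192.168.13.3", 0, 500, 1000, (65100, 65300), "i")),
    "origin": (Path("192.168.12.2", 0, 500, 1000, (65200, 65200), "?"),
               Path("192.168.13.3", 0, 500, 1000, (65100, 65300), "i")),
    "med": (Path("192.168.12.2", 100, 500, 1000, (65100, 65300), "i"),
            Path("192.168.13.3", 0, 500, 1000, (65100, 65300), "i")),
}

def replay():
    """Map each table to (winning next hop, step that decided it)."""
    pairs = {n: compare(a, b) for n, (a, b) in R1_TABLES.items()}
    return {n: (w.next_hop, s) for n, (w, s) in pairs.items()}
```

In every table the path via 192.168.13.3 wins, each time for the attribute that section changed.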

Community

Community is one of the BGP Attributes. It adds a label to the prefix. When another BGP Router receives the prefix, it can check the label value for further action. Use the following topology to do an experiment.

[Figure: BGP topology]

Assume all IP and BGP configuration is done. R1 announces 1.1.1.0/24. First, we check BGP Table of R2 for 1.1.1.0.

R2#show ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  65000
    192.168.12.1 from 192.168.12.1 (192.168.12.1)
      Origin IGP, metric 0, localpref 100, valid, external, best

Now, we try to add a Community when R1 announces 1.1.1.0 by using Route Map. BGP will not transmit Community by default. We need to use neighbor <IP> send-community command to enable it.

hostname R1
!
router bgp 65000
 network 1.1.1.0 mask 255.255.255.0
 neighbor 192.168.12.2 remote-as 65001
 neighbor 192.168.12.2 send-community
 neighbor 192.168.12.2 route-map SetComm out
!
access-list 1 permit 1.1.1.0 0.0.0.255
!
route-map SetComm permit 10
 match ip address 1
 set community 1000

Check R2 again. Community can be seen and the value is 1000.

R2#show ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  65000
    192.168.12.1 from 192.168.12.1 (192.168.12.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 1000

So, we can do some tricks with a Community List and Route Map on R2. For example, we change the Local Preference to 500 if the Community is 1000.

hostname R2
!
router bgp 65001
 neighbor 192.168.12.1 remote-as 65000
 neighbor 192.168.12.1 route-map SetLocal in
 no auto-summary
!
ip community-list 1 permit 1000
!
route-map SetLocal permit 10
 match community 1
 set local-preference 500

R2#show ip bgp
BGP table version is 2, local router ID is 192.168.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       192.168.12.1             0    500      0 65000 i

On the other hand, we can do Route Filtering by using Community. Besides custom values, there are four default values for Community: no-advertise, local-AS, no-export and internet.

Keyword       Function
no-advertise  Do not announce this prefix to others.
local-AS      Only announce this prefix to the same AS in Confederation.
no-export     Do not announce this prefix to other AS.
internet      The prefix can be announced to everyone.

Let us test the Community setting by using the following topology.

[Figure: BGP topology]

Give different Community values to different Prefixes on R1 by using Route Map.

hostname R1
!
router bgp 10
 bgp confederation identifier 65000
 bgp confederation peers 20
 network 1.1.1.0 mask 255.255.255.0
 network 2.2.2.0 mask 255.255.255.0
 network 3.3.3.0 mask 255.255.255.0
 network 4.4.4.0 mask 255.255.255.0
 neighbor 192.168.12.2 remote-as 10
 neighbor 192.168.12.2 send-community
 neighbor 192.168.12.2 route-map TuneComm out
!
access-list 1 permit 1.1.1.0 0.0.0.255
access-list 2 permit 2.2.2.0 0.0.0.255
access-list 3 permit 3.3.3.0 0.0.0.255
access-list 4 permit 4.4.4.0 0.0.0.255
!
route-map TuneComm permit 10
 match ip address 1
 set community no-advertise
!
route-map TuneComm permit 20
 match ip address 2
 set community local-AS
!
route-map TuneComm permit 30
 match ip address 3
 set community no-export
!
route-map TuneComm permit 40
 match ip address 4
 set community internet

Check Community values of Prefix on R2.

R2#show ip bgp 1.1.1.0
BGP routing table entry for 1.1.1.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to any peer)
  Not advertised to any peer
  Local, (Received from a RR-client)
    192.168.12.1 from 192.168.12.1 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best
      Community: no-advertise
R2#show ip bgp 2.2.2.0
BGP routing table entry for 2.2.2.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS)
  Advertised to update-groups:
     1
  Local, (Received from a RR-client)
    192.168.12.1 from 192.168.12.1 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best
      Community: local-AS
R2#show ip bgp 3.3.3.0
BGP routing table entry for 3.3.3.0/24, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Advertised to update-groups:
     1
  Local, (Received from a RR-client)
    192.168.12.1 from 192.168.12.1 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best
      Community: no-export
R2#show ip bgp 4.4.4.0
BGP routing table entry for 4.4.4.0/24, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  Local, (Received from a RR-client)
    192.168.12.1 from 192.168.12.1 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, confed-internal, best
      Community: internet

Check the BGP Table on R3. R3 does not receive 1.1.1.0/24 because R2 does not send it to R3, as it is marked no-advertise.

R3#show ip bgp
BGP table version is 4, local router ID is 192.168.34.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i2.2.2.0/24       192.168.12.1             0    100      0 i
*>i3.3.3.0/24       192.168.12.1             0    100      0 i
*>i4.4.4.0/24       192.168.12.1             0    100      0 i

Check the BGP Table on R4. R4 does not receive 2.2.2.0/24 because R3 does not send it to R4, as it is marked local-AS. A local-AS Prefix stays within the local AS of the Confederation. R4 is in another AS, thus R3 does not send this Prefix to R4.

R4#show ip bgp
BGP table version is 3, local router ID is 192.168.45.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.3.3.0/24       192.168.34.3             0    100      0 (10) i
*> 4.4.4.0/24       192.168.34.3             0    100      0 (10) i

At last, R5 will not see 3.3.3.0/24 because the Community of this Prefix is no-export: R4 does not announce it to R5, which is in another AS. On the other hand, 4.4.4.0/24 can be sent since the Community value is internet.

R5#show ip bgp
BGP table version is 2, local router ID is 192.168.45.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.0/24       192.168.45.4                           0 65000 i
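The tables seen on R3, R4 and R5 follow from which session type each well-known Community blocks. The sketch below is an added Python example, not from the original article; it assumes the chain R1-R2-R3-R4-R5 inferred from the outputs above, and its names are illustrative.

```python
IBGP, CONFED_EBGP, EBGP = "ibgp", "confed-ebgp", "ebgp"

# Session types over which a router holding the prefix must NOT advertise it.
BLOCKED = {
    "no-advertise": {IBGP, CONFED_EBGP, EBGP},
    "local-AS": {CONFED_EBGP, EBGP},
    "no-export": {EBGP},
    "internet": set(),
}

# Assumed chain, inferred from the outputs above (the figure is not reproduced here).
LINKS = [
    ("R1", "R2", IBGP),         # sub-AS 10; R1 tags the prefixes outbound
    ("R2", "R3", IBGP),         # sub-AS 10
    ("R3", "R4", CONFED_EBGP),  # sub-AS 10 to the other sub-AS of confederation 65000
    ("R4", "R5", EBGP),         # confederation 65000 to another AS
]

# Community set by route-map TuneComm on R1 for each prefix.
TAGS = {"1.1.1.0/24": "no-advertise", "2.2.2.0/24": "local-AS",
        "3.3.3.0/24": "no-export", "4.4.4.0/24": "internet"}

def reach(community):
    """Routers that end up holding a prefix tagged by R1 with this community."""
    holders = ["R1", "R2"]  # the tag is applied on R1's way out, so R2 always receives it
    for _sender, receiver, session in LINKS[1:]:
        if session in BLOCKED[community]:
            break  # the current holder suppresses the advertisement
        holders.append(receiver)
    return holders

def learned(router):
    """Prefixes from R1 that appear in this router's BGP table."""
    return sorted(p for p, c in TAGS.items() if router in reach(c))

def stopped_at(prefix):
    """(last router holding the prefix, session type it refused to use), or None."""
    last = reach(TAGS[prefix])[-1]
    for sender, _receiver, session in LINKS:
        if sender == last:
            return sender, session
    return None  # the prefix reached the end of the chain

if __name__ == "__main__":
    for router in ("R2", "R3", "R4", "R5"):
        print(router, learned(router))
```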

Backdoor

The concept of Backdoor is very easy. Look at the following topology, which is running EIGRP and BGP. Suppose R2 announces 2.2.2.0/24 by using EIGRP as well as BGP.

[Figure: BGP topology]

Since R1 is running EIGRP and BGP simultaneously, it receives 2.2.2.0/24 from both BGP and EIGRP. The AD of EIGRP is 90 and that of BGP is 20 (eBGP), so R1 will choose the path R1>R3>R2 to reach R2. It is not a good choice.

R1#show ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 2.2.2.0/24       192.168.13.3                           0 65001 i
R1#
R1#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(1.1.1.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 2.2.2.0/24, 1 successors, FD is 409600
        via 192.168.12.2 (409600/128256), Ethernet0/0
P 192.168.12.0/24, 1 successors, FD is 281600
        via Connected, Ethernet0/0
R1#
R1#show ip route | begin Gateway
Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Ethernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
C    192.168.13.0/24 is directly connected, Ethernet0/1
     2.0.0.0/24 is subnetted, 1 subnets
B       2.2.2.0 [20/0] via 192.168.13.3, 00:00:02

To get the optimal path, we could change the AD. Or we can set backdoor in the BGP configuration to tell R1 that BGP is only a backup link. Then, R1 will use the EIGRP route.

R1(config)#router bgp 65000
R1(config-router)#network 2.2.2.0 mask 255.255.255.0 backdoor
R1(config-router)#end

R1#show ip route | begin Gateway
Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Ethernet0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
C    192.168.13.0/24 is directly connected, Ethernet0/1
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/409600] via 192.168.12.2, 00:00:22, Ethernet0/0

Coming Soon......

Load Balancing
address-family ipv4