BGP

=Introduction=


 * Protocol Specifications:

 * Usage applications:

BGP is needed for redundancy of servers.
BGP is not used for providing redundancy to users for internet access.
Customer connected to multiple Internet service providers (ISPs).
Service provider networks (Transit autonomous system).
Network cores of very large enterprise networks (distribution or core layer) as a backup or redundant routing protocol due to its stability.


 * Customer's Network will become a Transit Autonomous system if ISP traffic passes through your AS.

 * Session Establishment facts:

BGP neighbors are not discovered. They must be configured manually on both sides of the connection.
TCP port 179 is used.
Only one session remains if both connection attempts succeed.


 * Without tuning behaves like RIP, considers AS as a Hop.

 * BGP is an advanced Path Vector Protocol and has following advantages:

Reliable updates (using TCP)
Triggered updates only
Rich metric (Path attributes)
Scalable to massive networks
Updates are Incremental and Triggered


 * Only 1 instance of BGP can be run on a router. It will show an error if running it with another AS Number.

= BGP States =

Idle          Neighbor is not responding/Verifying Route to neighbor
Active        Attempting to connect
Connect       TCP session established
OpenSent      Open message sent
OpenConfirm   Neighbor replied with Open Message
Active(2nd)   Neighbor failed to reply or Mismatched Parameter
Established   Adjacency established

= BGP Messages =

Open           Starts the Session
Update         Network Reachability Exchanges
Keepalive      Sent every 60 seconds
Notification   Always indicate something is wrong

= BGP Tables =

Neighbor Table       Configured/Connected BGP Peers
BGP Table            List of All BGP Routes (Can be Huge)
Routing Table        List of Best Routes

= Attributes =

Mnemonics: N-WLLA-OMNI


 * The full Internet BGP routing table is more than 300K routes, and a BGP router can receive multiple copies of that routing table from multiple providers. The router has to compare those multiple entries and select only the best route for the routing table.
 * It uses the BGP Best Path Selection Algorithm to do this.
 * Routes installed by different BGP instances are compared by the general algorithm, i.e. route distances are compared and the route with lower distance is preferred.
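
The order behind the N-WLLA-OMNI mnemonic, as an added example (not code from this page or from any router implementation): Next hop reachable, Weight, Local preference, Locally originated, AS-path length, Origin, MED, Neighbor type (eBGP over iBGP), IGP metric. The `Path` fields and the two sample paths are constructed from the attributes lab topology further down the page, and MED is compared only between paths from the same neighboring AS, which is the default behaviour assumed here.

```python
from dataclasses import dataclass
from functools import reduce

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP preferred over EGP over incomplete

@dataclass(frozen=True)
class Path:
    via: str                      # neighbor the path was learned from
    as_path: tuple                # leftmost entry is the neighboring AS
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0

def compare(a, b):
    """Return (preferred path, name of the deciding step) for two usable paths."""
    # MED is only comparable when both paths enter through the same neighboring AS.
    same_as = a.as_path[:1] == b.as_path[:1]
    steps = [  # every pair is scored so that the LOWER value wins
        ("weight", -a.weight, -b.weight),
        ("local-pref", -a.local_pref, -b.local_pref),
        ("locally-originated", not a.locally_originated, not b.locally_originated),
        ("as-path", len(a.as_path), len(b.as_path)),
        ("origin", ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]),
        ("med", a.med if same_as else 0, b.med if same_as else 0),
        ("neighbor-type", not a.ebgp, not b.ebgp),
        ("igp-metric", a.igp_metric, b.igp_metric),
    ]
    for name, score_a, score_b in steps:
        if score_a != score_b:
            return (a if score_a < score_b else b), name
    return a, "tie"

def best_path(paths):
    """N step first: drop paths whose next hop is unreachable, then compare the rest."""
    usable = [p for p in paths if p.next_hop_reachable]
    if not usable:
        return None
    return reduce(lambda x, y: compare(x, y)[0], usable)

# Constructed sample: two paths R3 (AS 5500) could hold for one prefix in the
# attributes lab. The eBGP path from R6 carries local preference 1000 set by
# the LOCAL_PREF route map; the iBGP path from R2 keeps the default of 100.
VIA_R6 = Path(via="10.1.36.6", as_path=(777, 711, 911), local_pref=1000)
VIA_R2 = Path(via="10.1.23.2", as_path=(777, 911), ebgp=False)

if __name__ == "__main__":
    winner, step = compare(VIA_R6, VIA_R2)
    print(winner.via, "wins on", step)
```

Local preference is evaluated before AS-path length, so the longer path through R6 is selected.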

Well known BGP attribute types:

 * Well-known mandatory: Attributes of this type must be understood by all BGP implementations and must EXIST in the BGP update messages.
 * Well-known discretionary: Attributes of this type must be understood by all BGP implementations but they don’t have to exist in all BGP updates to all neighbors.

Optional BGP attribute types:

 * Optional transitive: Optional BGP attributes, as the name implies, don’t need to be understood by all BGP implementations, but since the transitive flag is set they will be passed to other neighbors.
 * Optional non-transitive: Attributes of this type are also optional, as the name implies, and will not be passed to other neighbors.

[R1]---[R2] |   |[R3]
 * Origin - Prefer Internal (advertised by network cmd - 'i') over External (advertised by redistribute cmd - '?')
 * Weight is configured for Outgoing direction:

If you want R1 to prefer R3, configure more weight on R1.
Configured on a per-neighbor basis.

 * Local Preference is configured in Incoming direction:

Configure Local Pref on R3 so that R1 will prefer routes learned via R3.
Local Pref stays inside the AS only (use MED if you want to affect the other AS also).
Configured for the whole BGP process on the router.


 * Weight vs Med vs Local Preference:

      |--[R2]--[R4]
 [R1]-|
      |--[R3]--[R5]

Weight R1 to R2 or R3: |-->

Local Preference R2 to R1 or R3 to R1: <--|

MED R4 to R2 or R5 to R3: |->

=Filter with Route Maps=


 * Route maps are very powerful filtering tools, they can be used to accomplish the following tasks:

Filter on IP prefixes coming from a specific autonomous system
Filter on other BGP attributes
Modify BGP attributes


 * Match clauses in the BGP route map can be based on the following:

IP network numbers and subnet masks (prefix list or access list)
Route originator
Next hop
Origin code
Tag value attached to an Interior Gateway Protocol (IGP) route
Autonomous system path
Community
IGP route type


 * With a route map, the following can be set:

Origin
Next hop
Weight
Community
Local preference
MED


 * You can apply a route map on incoming or outgoing routing information for a neighbor.
 * The routing information must be permitted by the route map to be accepted.
 * If the route map has no statement explicitly permitting a route, the route is implicitly denied and dropped.


 * The syntax required is as follows:

Router(config-router)# neighbor ip-address route-map name in|out
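
How clause order and the implicit deny play out, as an added example (a simplified model written for this page, not router code): it evaluates the `LOCAL_PREF` route map and the two standard ACLs from the R3 config of the attributes lab further down, once as configured and once with the empty `permit 30` clause left out. The prefix `172.20.0.0/16` is a constructed sample, and only `permit` ACL entries are modelled.

```python
import ipaddress
from dataclasses import dataclass, field

def acl_permits(acl, prefix):
    """Standard ACL: True if an (address, wildcard) entry covers the route's network address."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if net & care == int(ipaddress.ip_address(addr)) & care:
            return True
    return False  # an ACL ends with its own implicit deny

@dataclass
class Clause:
    seq: int
    action: str                      # "permit" or "deny"
    match_acl: list = None           # None: no match statement, so every route matches
    set_attrs: dict = field(default_factory=dict)

def apply_route_map(clauses, route):
    """Return the route as accepted (with any set applied), or None if it is dropped."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        if clause.match_acl is None or acl_permits(clause.match_acl, route["prefix"]):
            if clause.action == "deny":
                return None
            return {**route, **clause.set_attrs}   # first matching clause wins
    return None                                     # nothing matched: implicit deny

# ACLs and route map copied from the R3 config of the attributes lab on this page.
ROUTES_FOR_R2 = [("200.0.0.0", "0.255.255.255")]
ROUTES_FOR_R3 = [("150.1.50.0", "0.0.0.255"), ("150.2.50.0", "0.0.0.255")]
LOCAL_PREF = [
    Clause(10, "permit", ROUTES_FOR_R3, {"local_pref": 1000}),
    Clause(20, "permit", ROUTES_FOR_R2, {"local_pref": 10}),
    Clause(30, "permit"),            # catch-all: accept everything else unchanged
]
# The same policy with the catch-all clause left out.
LOCAL_PREF_NO_CATCHALL = LOCAL_PREF[:2]

def route(prefix):
    # 700 is R3's "bgp default local-preference" in the lab config
    return {"prefix": prefix, "local_pref": 700}

if __name__ == "__main__":
    for prefix in ("150.1.50.0/24", "200.50.2.0/24", "172.20.0.0/16"):  # last one is constructed
        print(prefix,
              apply_route_map(LOCAL_PREF, route(prefix)),
              apply_route_map(LOCAL_PREF_NO_CATCHALL, route(prefix)))
```

Without the catch-all clause, every prefix outside the two ACLs is dropped at the neighbor, which is the behaviour wanted for a strict inbound filter and an outage when the route map was only meant to adjust attributes.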

= Route Reflector? =

= Confederation =

= Community =

Source: networkers-online.com

 * A numerical value that can be assigned to a specific prefix and advertised to other neighbors.
 * When the neighbor receives the prefix it will examine the community value and take proper action whether it is filtering or modifying other attributes.
 * By default the community attribute is removed from the update before being sent to the neighbor.
 * To allow community values to be sent to a specific neighbor:

neighbor x.x.x.x send-community

 * BGP has default 4 well known communities that can be used to mark prefixes:

Internet:     advertise these routes to all neighbors.
Local-as:     prevent sending routes outside the local AS within the confederation.
No-Advertise: do not advertise this route to any peer, internal or external.
No-Export:    do not advertise this route to external BGP peers.


 * Communities can be used to mark a set of prefixes that share a common property.
 * Upstream providers can use these marks to apply a common routing policy such as filtering or assigning a specific local preference.

 * Set community attribute values by:

Network command
Aggregate address
Neighbor command
Redistribution

 * Configuration
 * R1 Config:

ip bgp-community new-format

route-map SETCOM
 set community 1:10

router bgp 12
 neighbor 192.168.12.2 remote-as 12
 neighbor 192.168.12.2 send-community
 network 150.1.1.0 mask 255.255.255.0 route-map SETCOM

 * R2 Config (before applying any policies):

R2# sh ip bgp 150.1.1.0
BGP routing table entry for 150.1.1.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  Local
    192.168.12.1 from 192.168.12.1 (192.168.127.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: 1:10

 * Match the community using a standard community-list:

ip community-list 1 permit 1:10
route-map COM
 match community 1
 set metric 100

router bgp 12
 nei 192.168.12.1 route-map COM in


 * After applying the policy:

R2# sh ip bgp 150.1.1.0/24
BGP routing table entry for 150.1.1.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x800
  Not advertised to any peer
  Local
    192.168.12.1 from 192.168.12.1 (192.168.127.1)
      Origin IGP, metric 100, localpref 100, valid, internal, best
      Community: 1:10

= Route Aggregation =

= Synchronization =

Do not use or advertise a route learned by iBGP unless the same route has been learned by the IGP as well. This is used to prevent the traffic from getting dropped by the intermediate routers.

= Auto-Summarization =

= Next Hop Processing =

eBGP: Changes the next hop address on advertised routes.
iBGP: Does not change the next hop address on advertised routes.
iBGP was designed to be run in Frame Relay, Ethernet:

[R1]   [R3] |      |           -               |              [R2]

Here, if peering is formed between R1-R2 and R2-R3, traffic from R1 can reach R3 directly if the next hop IP is not changed. Otherwise it needs to pass through R2 unnecessarily. Can be changed with:

# neighbor 1.1.1.1 next-hop-self

= BGP Split Horizon =

Do not send updates that you receive from iBGP to other iBGP peers

= Peer Groups =

neighbor IBGP_PEERS peer-group
neighbor IBGP_PEERS remote-as 5500
neighbor IBGP_PEERS next-hop-self
neighbor IBGP_PEERS update-source lo1

neighbor 3.3.3.3 peer-group IBGP_PEERS
neighbor 2.2.2.2 peer-group IBGP_PEERS
neighbor 4.4.4.4 peer-group IBGP_PEERS

= MED vs Local Preference =


 * Multi-Exit Discriminator
 * The MED is an optional attribute that comes in handy when there are multiple entrance paths to an AS.
 * The remote AS sets MED values to tell the other AS which path to use.
 * The MED is passed between the two autonomous systems, but the value is not passed to any other ASs.
 * The path with the lowest MED is the preferred path.
 * This attribute is only used to influence entry INTO the AS.


 * Local Preference
 * LOCAL_PREF is a well-known attribute that is also used when multiple paths between autonomous systems exist.
 * The LOCAL_PREF attribute is just that… local and exclusive to the AS.
 * Routers within the local AS are told what path to use to exit that AS.
 * The local preference value is passed only among iBGP peers, and this value never leaves the local AS.

= EBGP vs IBGP =

= Config Commands =

Configure Weight:
neighbor 1.1.1.1 weight 500

Temporarily disable a neighbor:
neighbor 2.2.2.2 shutdown

Clear BGP Process:
clear ip bgp *

Set MED:
default-metric 200

= Monitoring =

= Troubleshooting =

 * BGP route not installing, reasons:

Synchronisation is enabled & route unknown by IGP (run 'no sync' command)
Next Hop inaccessible (for iBGP run 'neighbor 1.1.1.1 next-hop-self' command)
AS path includes the local AS
Rejection by inbound policy

 * Blackhole formed in iBGP if all internal routers are not running BGP. Solution:

Redistribute into IGP: Full Routing Table redistribution not possible, Redistribute partial routing table/specific routes.
Add a direct WAN Link between BGP Peers
Run iBGP between Peers ??
Configure Route Reflector

 * If any of the neighbors in the output of the command below shows as in 'Active' state, it means there is some issue with the neighbor:

show ip bgp summary

 * Use Loopback interface for forming peers in router having multiple links.

When using eBGP, peers will not come up when using loopback as they need to be directly connected and should not have a Hop. Use the ebgp-multihop command to resolve this issue:

# neighbor 1.1.1.1 ebgp-multihop 2

 * There are 2 ways to advertise networks into BGP:

Network Command
Redistribution


 * When using Network command:

Below command will advertize 50.0.0.0/8 into BGP:
network 50.0.0.0

Therefore advertize exact subnet only:
network 50.1.1.0 mask 255.255.255.0

 * If the caret sign '>' is missing, the route is not the best one, so not installed in routing table:

* valid, > best, i - internal, r RIB-failure

    Network          Next Hop            Metric LocPrf Weight Path
 *> 10.1.1.1/32      0.0.0.0                  0         32768 i
 *>i10.2.2.2/32      172.16.1.2               0    100      0 i

= R&S Quick Notes =

 * When using Communities, don’t forget “neighbor send-community”.
 * Know your attributes and the direction in which each is applied, and when to use what.
 * “aggregate address” needs a more specific prefix in the BGP table for the aggregate to be advertised.
 * Synchronization issue has 3 solutions: 1- Load BGP on all transit routers, 2- GRE tunnel, 3- Redistribution BGP>IGP.
 * “no bgp nexthop trigger” – Disables next-hop tracking between scanner intervals.
 * “no bgp fast-ext-fallover” – Force the router to wait for the dead-timer to expire, before generating notification messages, when a connected peer goes down.
 * “neighbor fall-over” – Will check neighbor connectivity between scanner intervals, aka BGP Fast Peering.
 * Only the Holdtime is sent in update-msg. Two neighbors will use the lowest holdtime and then calculate the keepalive from that.
 * Know your Regular Expressions.
 * Know the difference between Peer-Groups and Peer-Templates.

=LAB=

BGP Basic Lab


GNS3 File: File:cbt nuggets bgp lab.zip

Objectives

 * Configure iBGP & eBGP
 * Establish Neighbors using Loopback interfaces
 * Using Update-Source command
 * Using eBGP-Multihop command
 * Advertising Networks into BGP
 * Turn off BGP Auto-Summary
 * BGP Synchronization
 * BGP Handling of Next Hop Address

Configurations
 * R1 Config:

!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
!
interface Serial1/0
 ip address 10.1.13.1 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.12.1 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor IBGP_PEERS peer-group
 neighbor IBGP_PEERS remote-as 5500
 neighbor IBGP_PEERS update-source Loopback1
 neighbor IBGP_PEERS next-hop-self
 neighbor 2.2.2.2 peer-group IBGP_PEERS
 neighbor 3.3.3.3 peer-group IBGP_PEERS
 neighbor 4.4.4.4 remote-as 5500
 neighbor 4.4.4.4 update-source Loopback1
 no auto-summary
!

 * R2 Config:

!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
!
interface Serial1/0
 ip address 10.1.24.1 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.12.2 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor IBGP_PEERS peer-group
 neighbor IBGP_PEERS remote-as 5500
 neighbor IBGP_PEERS update-source Loopback1
 neighbor IBGP_PEERS next-hop-self
 neighbor 1.1.1.1 peer-group IBGP_PEERS
 neighbor 3.3.3.3 peer-group IBGP_PEERS
 neighbor 4.4.4.4 peer-group IBGP_PEERS
 no auto-summary
!

 * R3 Config:

!
interface Loopback1
 ip address 3.3.3.3 255.255.255.255
!
!
interface Serial1/0
 ip address 10.1.13.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.34.1 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor IBGP_PEERS peer-group
 neighbor IBGP_PEERS remote-as 5500
 neighbor IBGP_PEERS update-source Loopback1
 neighbor IBGP_PEERS next-hop-self
 neighbor 1.1.1.1 peer-group IBGP_PEERS
 neighbor 2.2.2.2 peer-group IBGP_PEERS
 neighbor 4.4.4.4 peer-group IBGP_PEERS
 no auto-summary
!

 * R4 Config:

!
interface Loopback1
 ip address 4.4.4.4 255.255.255.255
!
!
interface Serial1/0
 ip address 10.1.24.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.34.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip address 10.1.45.1 255.255.255.0
 serial restart-delay 0
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor IBGP_PEERS peer-group
 neighbor IBGP_PEERS remote-as 5500
 neighbor IBGP_PEERS update-source Loopback1
 neighbor IBGP_PEERS next-hop-self
 neighbor 1.1.1.1 peer-group IBGP_PEERS
 neighbor 1.1.1.1 update-source Loopback1
 neighbor 2.2.2.2 peer-group IBGP_PEERS
 neighbor 3.3.3.3 peer-group IBGP_PEERS
 neighbor 5.5.5.5 remote-as 6500
 neighbor 5.5.5.5 ebgp-multihop 2
 neighbor 5.5.5.5 update-source Loopback1
 no auto-summary
!
ip route 5.5.5.5 255.255.255.255 10.1.45.2
!
!

 * R5 Config:

!
interface Loopback0
 ip address 200.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 200.1.2.1 255.255.255.255
!
interface Loopback2
 ip address 200.1.3.1 255.255.255.255
!
interface Loopback3
 ip address 200.1.4.1 255.255.255.255
!
interface Loopback4
 ip address 200.1.5.1 255.255.255.255
!
interface Loopback5
 ip address 200.1.6.1 255.255.255.255
!
interface Loopback6
 ip address 50.1.1.1 255.255.255.0
!
interface Loopback7
 ip address 5.5.5.5 255.255.255.255
!
interface Serial1/2
 ip address 10.1.45.2 255.255.255.0
 serial restart-delay 0
!
!
router bgp 6500
 no synchronization
 bgp log-neighbor-changes
 network 50.1.1.0 mask 255.255.255.0
 redistribute connected route-map FILTER
 neighbor 4.4.4.4 remote-as 5500
 neighbor 4.4.4.4 ebgp-multihop 2
 neighbor 4.4.4.4 update-source Loopback7
 no auto-summary
!
ip route 4.4.4.4 255.255.255.255 10.1.45.1
!
!
!
access-list 50 permit 200.1.1.1
access-list 50 permit 200.1.2.1
access-list 50 permit 200.1.3.1
access-list 50 permit 200.1.4.1
!
route-map FILTER permit 10
 match ip address 50
!

BGP Attributes Lab


GNS3 Project File:CBT Nuggets BGP Attributes Lab.zip

Objectives
Configure below Attributes:

 * Weight
 * AS-Path
 * Next Hop Address
 * Origin
 * Local Preference
 * Metric

Configurations
 * R1 Config:

!
interface Serial1/0
 ip address 10.1.12.1 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.13.1 255.255.255.0
 serial restart-delay 0
!
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.12.2 remote-as 5500
 neighbor 10.1.13.3 remote-as 5500
 no auto-summary
!

 * R2 Config:

!
interface Serial1/0
 ip address 10.1.12.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.23.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip address 10.1.24.2 255.255.255.0
 serial restart-delay 0
!
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.12.1 remote-as 5500
 neighbor 10.1.12.1 next-hop-self
 neighbor 10.1.23.3 remote-as 5500
 neighbor 10.1.24.4 remote-as 777
 no auto-summary
!

 * R3 Config:

!
interface Serial1/0
 ip address 10.1.23.3 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.13.3 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip address 10.1.36.3 255.255.255.0
 serial restart-delay 0
!
router bgp 5500
 no synchronization
 bgp default local-preference 700
 bgp log-neighbor-changes
 neighbor 10.1.13.1 remote-as 5500
 neighbor 10.1.13.1 next-hop-self
 neighbor 10.1.23.2 remote-as 5500
 neighbor 10.1.36.6 remote-as 777
 neighbor 10.1.36.6 route-map LOCAL_PREF in
 default-metric 200
 no auto-summary
!
!
ip access-list standard ROUTES_FOR_R2
 permit 200.0.0.0 0.255.255.255
ip access-list standard ROUTES_FOR_R3
 permit 150.1.50.0 0.0.0.255
 permit 150.2.50.0 0.0.0.255
!
route-map LOCAL_PREF permit 10
 match ip address ROUTES_FOR_R3
 set local-preference 1000
!
route-map LOCAL_PREF permit 20
 match ip address ROUTES_FOR_R2
 set local-preference 10
!
route-map LOCAL_PREF permit 30
!

 * R4 Config:

!
interface Serial1/0
 ip address 10.1.45.4 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip address 10.1.24.4 255.255.255.0
 serial restart-delay 0
!
router bgp 777
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.24.2 remote-as 5500
 neighbor 10.1.45.5 remote-as 911
 no auto-summary
!

 * R5 Config:

!
interface Loopback0
 ip address 150.1.50.5 255.255.255.0
!
interface Loopback1
 ip address 150.2.50.5 255.255.255.0
!
!
interface Serial1/0
 ip address 10.1.45.5 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.57.5 255.255.255.0
 serial restart-delay 0
!
!
router bgp 911
 no synchronization
 bgp log-neighbor-changes
 redistribute connected route-map FILTER
 neighbor 10.1.45.4 remote-as 777
 neighbor 10.1.57.7 remote-as 711
 no auto-summary
!
!
access-list 50 permit 150.1.50.0
access-list 50 permit 150.2.50.0
no cdp log mismatch duplex
!
route-map FILTER permit 10
 match ip address 50
!

 * R6 Config:

!
interface Serial1/0
 ip address 10.1.67.6 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip address 10.1.36.6 255.255.255.0
 serial restart-delay 0
!
!
router bgp 777
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.36.3 remote-as 5500
 neighbor 10.1.67.7 remote-as 711
 no auto-summary
!

 * R7 Config:

!
interface Ethernet0/0
 ip address 200.50.2.7 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 200.60.2.7 255.255.255.0
 half-duplex
!
!
interface Serial1/0
 ip address 10.1.67.7 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 10.1.57.7 255.255.255.0
 serial restart-delay 0
!
!
router bgp 711
 no synchronization
 bgp log-neighbor-changes
 network 200.50.2.0
 network 200.60.2.0
 neighbor 10.1.57.5 remote-as 911
 neighbor 10.1.67.6 remote-as 777
 no auto-summary
!

=References=