BGP
Introduction
- Protocol Specifications
Protocol Type | Path vector |
Peering mechanism | Manual peering between neighbors |
eBGP AD | 20 |
iBGP AD | 200 |
Rights | Open standard |
Supported protocols | IPv4, IPv6 |
Transport | TCP/179 |
Update mode | Triggered(Internal 5s, External 30s) |
Timers | Hello (60 sec) |
Authentication | None, MD5 |
Specifications | RFC 4271 |
- Usage applications
BGP is needed for redundancy of servers. BGP is not used for providing redundancy to users for internet access. Customer connected to multiple Internet service providers (ISPs). Service provider networks (Transit autonomous system). Network cores of very large enterprise networks (distribution or core layer)as a backup or redundant routing protocol due to its stability.
- Customer's Network will become a Transit Autonomous system if ISP traffic passes through your AS.
- Session Establishment facts
BGP neighbors are not discovered. They must be configured manually on both sides of the connection. TCP port 179 is used. Only one session remains if both connection attempts succeed.
- Without tuning behaves like RIP, considers AS as a Hop.
- BGP is an advanced Path Vector Protocol and has following advantages:
Reliable updates (using TCP) Triggered updates only Rich metric (Path attributes) Scalable to massive networks Updates are Incremental and Triggered
- Only 1 instance of BGP can be run on a router. It will show an error if running it with another AS Number.
BGP States
Idle Neighbor is not responding/Verifying Route to neighbor Active Attempting to connect Connect TCP session established OpenSent Open message sent OpenConfirm Neighbor replied with Open Message Active(2nd) Neighbor failed to reply or Mismatched Parameter Established Adjacency established
BGP Messages
Open Starts the Session Update Network Reachability Exchanges Keepalive Sent every 60 seconds Notification Always indicate something is wrong
BGP Tables
Neighbor Table Configured/Connected BGP Peers BGP Table List of All BGP Routes(Can be Huge) Routing Table List of Best Routes
Loopback Interface
This section is under construction. |
Attributes[1]
Mnemonics: N-WLLA-OMNI-ORN
- Full Internet BGP routing table is more than 300K routes and a BGP router can receive multiple copies of that routing table from multiple providers, router has to compare those multiple entries and select only the best route for the routing table.
- It uses the BGP Best Path Selection Algorithm to do this.
- Routes installed by different BGP instances are compared by the general algorithm, i.e. route distances are compared and the route with lower distance is preferred.
Well known BGP attribute types:
Well-known mandatory: Attributes of this type must be understood by all BGP implementations and must EXIST in the BGP update messages. Well-known discretionary: Attributes of this type must be understood by all BGP implementations but they don’t have to exist in all BGP updates to all neighbors.
Optional BGP attribute types:
Optional transitive: optional BGP attributes as the name implies don’t need to be understood by all BGP implementations, but since the transitive flag is set they will be passed to other neighbors. Optional non-transitive: Attributes of this type are also optional as the name implies and will not be passed to other neighbors.
Attribute | Which is better | Type |
---|---|---|
Next Hop reachable | Route cannot be used if next hop is unreachable | Well-known Mandatory |
Weight | Bigger; value local to the router; Cisco proprietary; default is 0 for all routes not originated by local router | |
Local Preference | Bigger; used within AS and exchanged bw iBGP routers; default is 100 | Well-known discretionary |
Locally Injected (Originate) | Prefer path local router originated; Locally injected > iBGP/eBGP learned; In BGP table it will hv next hop 0.0.0.0 | |
AS Path Length | Smaller; e.g: AS path 1 2 3 is preferred over AS path 1 2 3 4 5 | Well-known Mandatory |
Origin | Prefer IGP(advertised by network cmd - i) > EGP > INCOMPLETE - '?'(reditributed) | Well-known Mandatory |
MED(Metric) | Smaller; used to advertise to neighbors how they should enter your AS; propagated to all routers within the neighbor AS but not passed along any other AS | Optional non-transitive |
Neighbor Type | Prefer eBGP over iBGP | |
IGP Metric to Next Hop | Smaller; Prefer the path within the AS with the lowest IGP metric to the BGP next hop | |
Oldest path | Prefer the path that we received first | |
Router ID | Prefer the path with the lowest BGP neighbor router ID (Manually conf > Highest Loopback IP address > Highest Interface IP address) | |
Neighbor IP address | Prefer the path with the lowest neighbor IP address |
- Directions
Aspath prepend: Applied outwardly. Impacts incoming path. Shorter the as-path length higher the preference As-path prepend is the way to add AS number to the list of subnet u want to advertise. This is a way to route poisoning. Tell the outside world not to follow the path.
Local preference: Applied while the traffic coming inside. Impacts traffic while going out. Non transitive. Propagates within the same as-path. Higher the local preference value higher the preference
MED: Multi Exit Discriminator When your router has connection with two other routers with same AS. You can use MED value to mention which networks should be accessed through which links. It is advertised outwards. Impacts the incoming traffic. Semi transitive. Propagates to one AS. Lower the MED value higher the preference. MED should be used carefully as it reduces network resiliency.
Filter with Route Maps
- Route maps are very powerful filtering tools, they can be used to accomplish the following tasks:
Filter on IP prefixes coming from a specific autonomous system Filter on other BGP attributes Modify BGP attributes
- Match clauses in the BGP route map can be based on the following:
IP network numbers and subnet masks (prefix list or access list) Route originator Next hop Origin code Tag value attached to an Interior Gateway Protocol (IGP) route Autonomous system path Community IGP route type
- With a route map, the following can be set:
Origin Next hop Weight Community Local preference MED
- You can apply a route map on incoming or outgoing routing information for a neighbor.
- The routing information must be permitted by the route map to be accepted.
- If the route map has no statement explicitly permitting a route, the route is implicitly denied and dropped.
- The syntax required is as follows:
Router(config-router)# neighbor ip-address route-map name in|out
Route Reflector?[2]
- Any route received from an iBGP neighbor must not be advertised to any other iBGP neighbor.
- This requires all iBGP routers be connected in logical full mesh topology, which is not scalable.
Two solution possible:
BGP confederations Route reflectors
- A route reflector is BGP router that is allowed to break the iBGP loop avoidance rule.
- Route reflectors can advertise updates received from an iBGP peer to another iBGP peer.
- This allow for building iBGP networks that scale easily.
- IBGP routers are divided into:
Route Reflectors Route Reflector Clients Non-Client Peers
- Routes received from:
RR-client is reflected to other clients and non-client neighbors Non-client neighbors are reflected to Route-Reflector-client neighbors only
- An RR reflecting the route received from a RR-Client adds:
Originator ID - Router ID of the originator of the route in the local AS. If the update comes back to the originator, it ignores the update. Cluster List - Router ID of RR. A list of Cluster IDs that an update has traversed. When a RR sends a route received from a client to a non-client, it appends the local Cluster ID. If a RR receives a route whose Cluster List contains the local Cluster ID, it ignores the update.
- RR reflects routes considered as best routes only.
- If more than one update is received for the same destination only the BGP best route is reflected.
- RR is not allowed to change any attributes of the reflected routes including the next-hop attribute.
- Loop Prevention:
If a router received an iBGP route with the Originator-ID attribute set to its own router-id, the route is discarded. If a route reflector receives a route with a cluster-list attribute containing its cluster-id, the route is discarded.
- Config:
[Client1]------------------[RR1]------------------[Client2]
- RR1 router
router bgp 100 neighbor 172.16.1.2 remote-as 100 neighbor 172.16.1.2 route-reflector-client
- Client1 router
router bgp 100 neighbor 172.16.1.1 remote-as 100 network 11.1.1.1 mask 255.255.255.255 --> Route to be reflected
Verification on RR1:
show ip bgp 11.1.1.1 show ip bgp neighbors 172.16.1.2 advertised-routes
Confederation
- RR does not require major changes to existing configuration
- It implies choosing routers that will act as a focal point for iBGP sessions within a single AS, running a single IGP.
- Confederations needs quite a config change and architecture.
- Confederations may contain different IGPs, adding more flexibility to scaling your network.
- In case your IGP is exceeding its scalability limit and becomes unmanageable, use Confederation.
- A method to subdivide a single AS into multiple internal sub-AS's, yet still advertise as a single AS to external peers.
- The intent is to reduce iBGP mesh size, scalable approach for a large autonomous system.
- Each of Sub-AS has its own AS number.
- Reduces the total number of iBGP peering sessions per router within AS.
- Large no of iBGP sessions can consume bandwidth and cause high CPU utilization, so negatively affect the performance.
- Each sub-AS has different AS number.
- All peers in sub-AS are fully meshed in order to learn external routes from external sources.
- Every sub-AS is identified by its unique AS number(private: 64512 – 65535), the connection between them is always eBGP peering called Intra-Confederation eBGP.
- eBGP routes between sub-ASs called Confederation External Routes, are preferred over iBGP routes.
- If BGP has to choose between two paths, one leading inside sub-AS and other outside sub-AS, within confederation, it will choose the external path – to neighboring sub-AS.
- To choose between Confederation eBGP route and eBGP route leading outside of confederation, BGP will choose the second one.
- AS_PATH attribute contains AS_CONFED_SET parameter which is modified inside the confederation only
- In case the confederation runs one IGP, NEXT_HOP, MED, LOCAL_PREF do not change when routing update traverses Intra-Confederation eBGP
- Config
Source: networklessons.com
[R2 AS-2 SubAS-24]------------------------[R3 AS-2 SubAS-35]
R2:
R2(config)#router ospf 1 R2(config-router)#network 2.2.2.2 0.0.0.0 area 0 R2(config)#router bgp 24 R2(config-router)#bgp confederation identifier 2 R2(config-router)#bgp confederation peers 35 R2(config-router)#neighbor 3.3.3.3 remote-as 35 R2(config-router)#neighbor 3.3.3.3 update-source loopback 0 R2(config-router)#neighbor 3.3.3.3 ebgp-multihop 2
R3:
R3(config)#router ospf 1 R3(config-router)#network 3.3.3.3 0.0.0.0 area 0 R3(config)#router bgp 35 R3(config-router)#bgp confederation identifier 2 R3(config-router)#bgp confederation peers 24 R3(config-router)#neighbor 2.2.2.2 remote-as 24 R3(config-router)#neighbor 2.2.2.2 update-source loopback 0 R3(config-router)#neighbor 2.2.2.2 ebgp-multihop 2
- Verification
R2(config)#interface loopback 5 R2(config-if)#ip address 55.55.55.55 255.255.255.255 R2(config)#router bgp 35 R2(config-router)#network 55.55.55.55 mask 255.255.255.255
R3#show ip bgp 55.55.55.55 ~ Origin IGP, metric 0, localpref 100, valid, confed-internal, best
Route Aggregation
Source noction.com
RA also known as BGP Route Summarization A method to minimize the size of the routing table Announcing the whole address block received from the Regional Internet Registry (RIR) to other ASes. RA is opposite to non-aggregation routing, where individual sub-prefixes of the address block are announced to BGP peers. RA reduces the size of the global routing table, decreases routers’ workload and saves network bandwidth.
- BGP Route Aggregation with Static Discard Route:
Firstly create an aggregate address with a static discard route 70.36.0.0/20 pointing to a null interface. The discard static route 70.36.0.0/20 configured on a router R1 makes the router to discard any packet that matches the route. However, as long as there are more specific (longer prefix) working routes in a routing table of the router R1, packets matching these routes are not discarded. The BGP tables of R2 and R3 routers are injected with the network command configured on R1 router, matching the static discard route.
router bgp 3695 bgp log-neighbor-changes network 70.36.0.0 mask 255.255.240.0 neighbor 12.0.0.2 remote-as 11260 ! ip route 70.36.0.0 255.255.240.0 Null0
- BGP Route Aggregation with Aggregate-address Command
Now make the router R1 advertise the aggregate prefix 70.36.0.0/20 to its BGP neighbor R2. The aggregate address is advertised to a neighbor as long as it represents at least one part of the aggregate address in the BGP table of a router. The parts are called components or the contributing routes and represent more specific matches for the aggregated route. We will inject a single route 70.36.0.0/24 into the BGP table of R1 with the network command.
router bgp 3695 bgp log-neighbor-changes network 70.36.0.0 mask 255.255.255.0 aggregate-address 70.36.0.0 255.255.240.0 neighbor 12.0.0.2 remote-as 11260
This section is under construction. |
- Option summary-only
- Option suppress-map
- Option unsuppress-map
- Option attribute-map
- Option advertise-map
- Option as-set
Routing Information Base (RIB)
BGP Routing Information Base consists of three parts as explained below:
- The Adj-RIBs-In:
BGP RIB-In stores BGP routing information received from different peers. The stored information is used as an input to BGP decision process. In other words this is the information received from peers before applying any attribute modifications or route filtering to them.
- The Local RIB:
The local routing information base stores the resulted information from processing the RIBs-In database’s information. These are the routes that are used locally after applying BGP policies and decision process.
- The Adj-RIBs-out:
This one stores the routing information that was selected by the local BGP router to advertise to its peers through BGP update messages. Do not forget; BGP only advertises best routes if they are allowed by local outbound policies.
Community
Source: networkers-online.com
- A numerical value that can be assigned to a specific prefix and advertised to other neighbors.
- When the neighbor receives the prefix it will examine the community value and take proper action whether it is filtering or modifying other attributes.
- By default the community attribute is removed from the update before being sent to the neighbor.
- To allow community values to be sent to a specific neighbor
neighbor x.x.x.x send-community
- BGP has default 4 well known communities that can be used to mark prefixes:
Internet: advertise these routes to all neighbors. Local-as: prevent sending routes outside the local As within the confederation. No-Advertise: do not advertise this route to any peer, internal or external. No-Export: do not advertise this route to external BGP peers.
- Communities can be used to mark a set of prefixes that share a common property.
- Upstream providers can use these marks to apply a common routing policy such as filtering or assigning a specific local preference.
- Set community attribute values by:
Network command Aggregate address Neighbor command Redistribution
- Configuration
- R1 Config
ip bgp-community new-format route-map SETCOM set community 1:10 router bgp 12 neighbor 192.168.12.2 remote-as 12 neighbor 192.168.12.2 send-community network 150.1.1.0 mask 255.255.255.0 route-map SETCOM
- R2 Before applying any policies
R2# show ip bgp 150.1.1.0 BGP routing table entry for 150.1.1.0/24, version 2 Paths: (1 available, best #1, table Default-IP-Routing-Table) Flag: 0x820 Not advertised to any peer Local 192.168.12.1 from 192.168.12.1 (192.168.127.1) Origin IGP, metric 0, localpref 100, valid, internal, best Community: 1:10
- R2 Config - Match the community using a standard community-list
ip community-list 1 permit 1:10 route-map COM match community 1 set metric 100 router bgp 12 neighbor 192.168.12.1 route-map COM in
- R2 After applying the policy
R2 #sh ip bgp 150.1.1.0/24 BGP routing table entry for 150.1.1.0/24, version 3 Paths: (1 available, best #1, table Default-IP-Routing-Table) Flag: 0x800 Not advertised to any peer Local 192.168.12.1 from 192.168.12.1 (192.168.127.1) Origin IGP, metric 100, localpref 100, valid, internal, best Community: 1:10
Synchronization
- Do not Use or Advertize to eBGP a route learned by iBGP unless the same has been learned by IGP as well.
- This is used to prevent the traffic form getting dropped by the intermediate routers, a method of circumventing black-holes in transit networks.
- This rule requires the redistribution of the BGP routes into the IGP in order to validate via the IGP.
- But this is non scalable due to size of Internet Routing Table therefore is disabled by default(since 12.2).
- To prevent black-holes in transit networks, iBGP needs to be run on all routers since BGP only can handle this amount of prefixes.
Auto-Summarization
- Normally when you advertise a network in BGP you have to type in the exact network and subnet mask that you want to advertise or it won’t be placed in the BGP table.
- With auto-summary enabled, you can advertise a classful network and you don’t have to add the mask parameter.
- BGP will automatically advertise the classful network if you have the classful network or a subnet of this network in your routing table.
Config:
R1(config)#router bgp 1 R1(config-router)#auto-summary R1(config-router)#network 1.0.0.0
Next Hop Processing
- eBGP: Changes next hop address on advertized routes.
- iBGP: Do not changes next hop address on advertized routes.
- iBGP was designed to be run in Frame Relay, Ethernet:
[R1] [R3] | | --------- | [R2]
- Here if Peering is formed between R1-R2 & R2-R3.
- Traffic from R1 can reach R3 directly if the next hop IP is not changed.
- Else it needs to pass through R2 unnecessarily.
- Can be changed with:
neighbor 1.1.1.1 next-hop-self
BGP Split Horizon
- Do not send updates that you receive from iBGP to other iBGP peers
- Override it as:
R1(config)# router bgp 21 R1(config-router-af)# neighbor 192.0.2.1 remote-as 100 R1(config-router-af)# neighbor 192.0.2.1 activate R1(config-router-af)# neighbor 192.0.2.1 as-override split-horizon
Peer Groups
neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS next-hop-self neighbor IBGP_PEERS update-source lo1
neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 4.4.4.4 peer-group IBGP_PEERS
MED vs Local Preference vs Weight
- Multi-Exit Discriminator
- The MED is an optional attribute that comes in handy when there are multiple entrance paths to an AS.
- The remote AS sets MED values to tell the other AS which path to use.
- The MED is passed between the two autonomous systems, but the value is not passed to any other ASs.
- The path with the lowest MED is the preferred path.
- This attribute is only used to influence entry INTO the AS.
- Local Preference
- LOCAL_PREF is a well-known attribute that is also used when multiple paths between autonomous systems exist.
- The LOCAL_PREF attribute is just local and exclusive to the AS.
- Routers within the local AS are told what path to use to exit that AS.
- The local preference value is passed only among iBGP peers, and this value never leaves the local AS.
- Local Preference is configured in Incoming direction.
- Configure Local Pref R3 so that R1 will prefer routes learned via R3.
- Local Pref stays inside AS only.
- Configured for the whole BGP process on the router.
- Weight
- Cisco Proprietary
- Weight is configured for Outgoing direction:
[R1]-------[R2] | |--------[R3]
- If you want R1 to prefer R3, Configure more weight on R1
- Configured on Per-Neighbor basis.
- Example Scenario
<--AS3--> <--AS100--> |------[R2]--------[R4] [R1] | |------[R3]--------[R5]
- Weight R1 to R2 or R3:
|------> Applied |------> Traffic Impacted
- Local Preference R2 to R1 or R3 to R1:
<------| Applied |------> Traffic Impacted
- MED R4 to R2 or R5 to R3:
|---------> Applied <---------| Traffic Impacted
ASPath Prepend
Source: noction.com
- AS path is a well-known mandatory attribute, which means that it’s present for all prefixes exchanged between BGP neighbors.
- When a BGP router sends out an update to a neighbor in a different autonomous system (i.e., an external or eBGP neighbor), it adds its own AS number to the front (left side) of the AS path.
- So the AS path lists all the ASes that need to be traversed to reach the location where the prefix that the path is attached to is advertised from.
- As such, a traceroute should encounter those same ASes.
- The main purpose of the AS path is to avoid loops.
- Prepending means adding one or more AS numbers to the left side of the AS path.
- Normally this is done using one’s own AS number, using someone else’s AS number for this can have unintended side effects.
Config:
router bgp 65123 neighbor 198.51.100.90 remote-as 65456 neighbor 198.51.100.90 description IX peer neighbor 198.51.100.90 route-map prepend out ! route-map prepend permit 10 set as-path prepend 65123
BGP Route Dampening
Source: noction.com
- The unstable route whose availability alters repeatedly is called a flap.
- When flaps occur, excessive number of BGP UPDATE messages are sent to BGP peers which in turn increases the load of the peers and excessively consumes CPU power.
- The goal of BGP route dampening when first introduced was to reduce the propagation of flapping routes without affecting the convergence time of the stable routes.
- It was designed to decrease the load on routers and increase the overall network stability, as the stable prefixes would still be advertised while the propagation of the flapping routes would remain suppressed until such routes become stable again.
- BGP Route dampening was applied locally on the routes learned by the eBGP peers.
- When the command bgp dampening is enabled without configuring any optional arguments, the default values are used.
- The default IOS dampening values are 15 750 2000 60.
- Config
router bgp 64501 bgp dampening neighbor 10.0.0.2 remote-as 64502
- Verify
R1# show ip bgp dampening parameters R1# show ip bgp dampening flap-statistics R1# debug ip bgp dampening
- Default dampening parameters
- The penalty will be reduced to half after 15 minutes (Half-life time).
- The routes will not be used when the Suppress penalty 2000 is reached.
- The dampened route will be reused when the penalty is decoyed into 750 (Reuse penalty).
- The routes experiencing route flaps should not be suppressed for more than 60 minutes (Max suppress time).
Multipath
- Unlike most routing protocols, BGP only selects a single best path for each prefix.
- It doesn’t do ECMP (Equal Cost Multi-Path Routing) by default but it is possible to enable this.
- In order for BGP to use the second path, the following attributes have to match:
Weight Local Preference AS Path (both AS number and AS path length) Origin code MED IGP metric
- Next hop address for each path must be different.
- This comes into play when you are multihomed to the same router.
- Config
R1(config)#router bgp 1 R1(config-router)#maximum-paths 2
BFD
This section is under construction. |
Route Health Injection
This section is under construction. |
EBGP vs IBGP
EBGP | IBGP |
---|---|
Peering is between two different AS | Peering is between same AS |
Routes learned from eBGP peer will be advertised to other peers(EBGP or IBGP) | Routes learned from IBGP peer will not be advertised to other IBGP peers, can be advertised to EBGP peer. |
EBGP peers are set with TTL = 1, neighbors are assumed to be directly connected. Can change this behavior for EBGP by “neighbor x.x.x.x ebgp-multihop <TTL>”. Multihop is the term used in EBGP only. |
For IBGP peers dont need to be directly connected. |
Routes have AD of 20 | Routes have AD of 200 |
Next hop is changed on advertised routers | Next-hop IP will not be changed when adv prefixes to another IBGP |
Config Commands
Configure Weight:
neighbor 1.1.1.1 weight 500
Temporarily disable a neighbor:
neighbor 2.2.2.2 shutdown
Clear BGP Process:
clear ip bgp *
Set MED:
default-metric 200
Monitoring
Command | Description |
---|---|
show ip bgp neighbor ip-address | Displays detailed neighbor information |
show ip bgp | Displays all the routes in the BGP table |
show ip bgp summary | Brief Neighbor Information |
show ip bgp ip-prefix [mask subnet-mask] | Displays detailed information about all paths for a single prefix |
debug ip tcp transactions | Displays all TCP transactions |
debug ip bgp events | Displays significant BGP events |
debug ip bgp keepalives | Debugs BGP keepalive packets |
debug ip bgp updates | Displays all incoming or outgoing BGP updates |
debug ip bgp updates acl | Displays all incoming and sent updates matching an ACL |
debug up bgp ip-address update [acl] | Displays all BGP updates received from or sent to a specific neighbor |
Troubleshooting
- BGP route not installing, route reasons:
Synchronisation is enabled & route unknown by IGP(run 'no sync' command) Next Hop inaccessible (for iBGP run 'neighbor 1.1.1.1 next-hop-self' command) AS path includes the local AS Rejection by inbound policy
- Blackhole formed in iGBP if all internal routers not running BGP, Solution:
Redistribute into IGP: Full Routing Table redistribution not possible, Redistribute partial routing table/specific routes. Add a direct WAN Link between BGP Peers Run iBGP between Peers ?? Configure Route Reflector
- If any of the neighbors in below command output shows as in 'Active' state, it means some issue with the neighbor:
show ip bgp summary
- Use Loopback interface for forming peers in router having multiple links.
When using eBGP, peers will not come up when using loopback as they need to be directly connected and should not have a Hop. Use ebgp-multihop command to resovle this issue: # neighbor 1.1.1.1 ebgp-multihop 2
- There are 2 ways to advertise networks into BGP:
Network Command Redistribution
- When using Network command:
Below command will advertize 50.0.0.0/8 into BGP
network 50.0.0.0
Therefore advertize exact subnet only:
network 50.1.1.0 mask 255.255.255.0
- If the carot sign '>' is missing, the route is not the best one, so not installed in routing table:
* valid, > best, i - internal, r RIB-failure Network Next Hop Metric LocPrf Weight Path *> 10.1.1.1/32 0.0.0.0 0 32768 i *>i10.2.2.2/32 172.16.1.2 0 100 0 i
R&S Quick Notes
- When using Communities, don’t forget “neighbor send-community”
- Know your attributes and the direction which applied, when to used what.
- “aggregate address” needs a more specific prefix in the BGP table for aggregate to be advertised.
- Synchronization issue has 3 solutions, 1- Load BGP on all transit routers, 2- GRE tunnel, 3- Redistribution BGP>IGP.
- “no bgp nexthop trigger” – Disables next-hop tracking between scanner intervals.
- “no bgp fast-ext-fallover” – Force the router to wait for the dead-timer to expire, before generating notification messages , when a connected peer goes down.
- “neighbor fall-over” – Will check neighbor connenctivity between scanner intervals, aka BGP Fast Peering.
- Only the Holdtime is sent in update-msg. Two neighbors will use the lowest holdtime and then calculate the keepalive from that.
- Know your Regular Expressions
- Know the difference between Peer-Groups and Peer-Templates
BGP Notes 2
- BGP Synchronization rule -IF the AS is acting transient for other AS routes learn through BGP will not be advertized unless the all the routes learn this routes though IGP.
- If we turned on the synchronisation BGP router will not advertize the route learned from IBGP PEER to EBGP Peer unless that route is learned through IGP.
- Split horizon rule -Routes larn though IBGp nei will not be advertized to other IBGP nei .
- BGP path selection criterion
Route is excluded if next hop is unreachable hightest wieight high local pref route if locally orginated shortest as path len prefer lowest origin code (IGP<EGP<Unknown) lowest MED ebgp over IBGP between IBGP closed IGP nei bet EBGP oldest route lowest Router ID.
- BGP Message types - Keepalive, notification, open, update.
- Routes received from a Route-Reflector-client is reflected to other clients and non-client neighbors.So if we have two route reflectors we should also keep in separte clusters ,, to avoide loops .That means that if you have multiple RRs with different cluster ID, optimal path is selected by selecting shorter cluster list. Having multiple RRs in the same cluster creates partial connectivity during failure
- The first route reflector also set an additonal BGP attribute called originator id and add it to BGP router -id of client.if any router receive the route which contains its own router id will ignore the route
- Confedrations - Breaking As into smaller As so that they can exchange routing updates using intra confedration EBGp Seesion.
but on the intraconfedration EBGP session parmaters for IBGP are still preserved. (like next hop self, metric, preference)
- Commands - under BGP process bgp confedration id x.x -Original As
- BGP confederation peers x.x ,y...- Need to specify the the intra confdration with in AS.
- MED Vs AS path prepend - MED doesnot goes beyond neibor As while As path prepeend goes beyond that.
- BGP always compare md - compares MED for a path from neighbors in different AS.
- BGP Determinsic-Med -comparison of MEd for a path from differnt Peers advertize in same AS.
- BGP conditional advertizement uses two terms advertize-map and non-exist-map, advertize the prefix in adtervertize map only if there is no route in BGPtable defined in non-exist-map.
- BGP conditonal Inject and Exist map -BGP conditional Route injection advertize the specific route defined in inject map from the summary route present in exist map .Its reverse of Aggregation .
- SOO - Site of orgin -is used to prevent routing loops and is used to identify the site from where the route is orginated and does not readvertize same route back to the site .
- SOO is enabled on PE routers - marked the customer prefixes.
- BGP communities are used to TAG the routes and they are used to perform policy routing in upstream router. Community attribute consist of four octets. Inorder to send community
- We need to use send community command under BGP process.
- BGP community are :
Internet: advertise these routes to all neighbors. Local-as: prevent sending routes outside the local As within the confederation. No-Advertise: do not advertise this route to any peer, internal or external. No-Export: do not advertise this route to external BGP peers.
- Local AS command can be used in while migration of As - it will genrate BGP open message which is defined in local AS.
- nei x.x.x. local 100 no prepend replace as dual-as.( can be used for remote peer to configue whatever AS no has configured at there side ).
- Peers Group -Peer groups are a way of defining templates/groups with settings for neighbor
- Relationships - The same policy that goes to 1 neighbor in the peer group must go to all if it case one neighbor has a slightly different config we do not use peer-group for this neighbor the idea being a group with all required bgp settings and then add the neighbors to this group so they inherit the settings.
- Using BGP peer group one update is sent to peer group instead of individual updates helps in optimisation of updates .Configration makes its simpler.
- BGP route relector -Eliminates the need of bgp full mesh ,similar to ospf DR ,BDR elecltion, only peering needs to with RR.
- When RR get the update from its client it sent to other RR and its client .
- Modify the spilt horizon rule .BGP cluster id is used as loop prevention.
- Does not modiy the next hope attributes.
- Route reflectores modify split horizon rule now routes learn through IBGP can be forwarded to other IBGP nei ,route reflectore can do .
- if the client is having IBGP session with multiple routereflectores so each client will receive two copies of all routes.this can create the routing loops to avoid it each route reflector and its client form cluster which is identifed by cluster id which is unique in AS.
- whenver particular route is reflected route reflector router id is added to cluster list attirbute and set cluster id number in cluster -list.if for any reason route is reflected back to route reflectore for some reason it will reconganize cluster id includes its own router id . and will not forward it .
- The BGP Link Bandwidth feature used to enable multipath load balancing for external links with unequal bandwidth capacity. This feature is enabled under an IPv4 or VPNv4 address family sessions by entering the bgp dmzlink-bw command. This feature supports both iBGP, eBGP multipath load balancing, and eiBGP multipath load balancing in Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). When this feature is enabled, routes learned from directly connected external neighbor are propagated through the internal BGP (iBGP) network with the bandwidth of the source external link.
- The link bandwidth extended community indicates the preference of an autonomous system exit link in terms of bandwidth. This extended community is applied to external links between directly connected eBGP peers by entering the neighbor dmzlink-bw command. The link bandwidth extended community attribute is propagated to iBGP peers when extended community exchange is enabled with the neighbor send-community command.
- It should be configured in conjuction with max path command:
bgp dmzlink-bw neighbor ip-address dmzlink-bw neighbor ip-address send-community [both | extended | standard
- Aggreagate with AS set command - normal aggregation with summary command advertise the summary prefix only and suppress all the specific routes, so router which is performing the aggreagation will include its own AS while sending the update.
- So when Aggreagate with AS set command is used it will include all the AS in updates for summary prefix for those AS route performing the aggregation with AS list, this will prevent routing loop.
- Attribute map -can be used to modify the community received in aggregation router to none.(command) MAP. When particular is sending the prefix to router performing aggregation with community like no export attached, Aggregate router will inherit the communtiy and can cause issue to aggregate prefix while propagating, To avoid it we can modifiy the community to none using atrribute map command (aggrgate address x.x.x.x .x.x.x as-set summary only attribute map)
- BGP Backdor link - used to modifiy the AD for external route from 20 to 200 so that IGP learned route can be prefered over EBGP.
- Command will be added to router which is learning the prefises from two routing ptotocols .
router bgp x.x.x.x network x.x.x.x mask backdoor
Redistribution from osfp to bgp
- All redistributed routes into bgp takes ad value of BGP ,inorder redistribute all the ospf routes internal ,external (E1&E2) we need to uses redisrtibute ospf process mathc internal external 1 external 2
- Redistribution of bgp into Ospf will take metric one ,Reditributio of ospf into BGP take IGP metric
- Qos -Each router maintain two queue hardware queue works on FIFO and software queues (LLQ,CBWFQ,Flow based WFq) ,service policy applies only on software queue
- Use the tx-ring-limit command to tune the size of the transmit ring to a non-default value (hardware queue is last stop before the packet is transmitted)
Note: An exception to these guidelines for LLQ is Frame Relay on the Cisco 7200 router and other non-Route/Switch Processor (RSP) platforms. The original implementation of LLQ over Frame Relay on these platforms did not allow the priority classes to exceed the configured rate during periods of non-congestion. Cisco IOS Software Release 12.2 removes this exception and ensures that non-conforming packets are only dropped if there is congestion. In addition, packets smaller than an FRF.12 fragmentation size are no longer sent through the fragmenting process, reducing CPU utilization.
- It's all based upon whether there is or is not congestion on the link.
- The priority queue (LLQ) will always be served first, regardless of congestion. It will be both guaranteed bandwidth AND policed if there is congestion. If there is not congestion, you may get more throughput of your priority class traffic.
- If the class is underutilized then the bandwidth may get used by other classes. Generally speaking this is harder to quantify than you may think. Because in normal classes, the "bandwidth" command is a minimum of what's guaranteed. So you may get MORE in varying amounts just depending on what is in the queue at any point in time of congestion.
- As mentioned before, policers determine whether each packet conforms or exceeds (or, optionally, violates) to the traffic configured policies and take the prescribed action. The action taken can include dropping or re-marking the packet. Conforming traffic is traffic that falls within the rate configured for the policer. Exceeding traffic is traffic that is above the policer rate but still within the burst parameters specified. Violating traffic is traffic that is above both the configured traffic rate and the burst parameters.
- An improvement to the single-rate two-color marker/policer algorithm is based on RFC 2697, which details the logic of a single-rate three-color marker.
- The single-rate three-color marker/policer uses an algorithm with two token buckets. Any unused tokens in the first bucket are placed in a second token bucket to be used as credits later for temporary bursts that might exceed the CIR. The allowance of tokens placed in this second bucket is called the excess burst (Be), and this number of tokens is placed in the bucket when Bc is full. When the Bc is not full, the second bucket contains the unused tokens. The Be is the maximum number of bits that can exceed the burst siz
LAB
BGP Basic Lab
GNS3 File: File:cbt nuggets bgp lab.zip
Objectives
- Configure iBGP & eBGP
- Establish Neighbors using Loopback interfaces
- Using Update-Source command
- Using eBGP-Multihop command
- Advertising Networks into BGP
- Turn off BGP Auto-Summary
- BGP Synchronization
- BGP Handling of Next Hop Address
Configurations
- R1 Config
! interface Loopback1 ip address 1.1.1.1 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.13.1 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.12.1 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 4.4.4.4 remote-as 5500 neighbor 4.4.4.4 update-source Loopback1 no auto-summary !
- R2 Config
! interface Loopback1 ip address 2.2.2.2 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.24.1 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.12.2 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 1.1.1.1 peer-group IBGP_PEERS neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 4.4.4.4 peer-group IBGP_PEERS no auto-summary !
- R3 Config
! interface Loopback1 ip address 3.3.3.3 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.13.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.34.1 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 1.1.1.1 peer-group IBGP_PEERS neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 4.4.4.4 peer-group IBGP_PEERS no auto-summary !
- R4 Config
! interface Loopback1 ip address 4.4.4.4 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.24.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.34.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip address 10.1.45.1 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 1.1.1.1 peer-group IBGP_PEERS neighbor 1.1.1.1 update-source Loopback1 neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 5.5.5.5 remote-as 6500 neighbor 5.5.5.5 ebgp-multihop 2 neighbor 5.5.5.5 update-source Loopback1 no auto-summary ! ip route 5.5.5.5 255.255.255.255 10.1.45.2 ! !
- R5 Config
! interface Loopback0 ip address 200.1.1.1 255.255.255.255 ! interface Loopback1 ip address 200.1.2.1 255.255.255.255 ! interface Loopback2 ip address 200.1.3.1 255.255.255.255 ! interface Loopback3 ip address 200.1.4.1 255.255.255.255 ! interface Loopback4 ip address 200.1.5.1 255.255.255.255 ! interface Loopback5 ip address 200.1.6.1 255.255.255.255 ! interface Loopback6 ip address 50.1.1.1 255.255.255.0 ! interface Loopback7 ip address 5.5.5.5 255.255.255.255 ! interface Serial1/2 ip address 10.1.45.2 255.255.255.0 serial restart-delay 0 ! ! router bgp 6500 no synchronization bgp log-neighbor-changes network 50.1.1.0 mask 255.255.255.0 redistribute connected route-map FILTER neighbor 4.4.4.4 remote-as 5500 neighbor 4.4.4.4 ebgp-multihop 2 neighbor 4.4.4.4 update-source Loopback7 no auto-summary ! ip route 4.4.4.4 255.255.255.255 10.1.45.1 ! ! ! access-list 50 permit 200.1.1.1 access-list 50 permit 200.1.2.1 access-list 50 permit 200.1.3.1 access-list 50 permit 200.1.4.1 ! route-map FILTER permit 10 match ip address 50 !
BGP Attributes Lab
GNS3 Project File:CBT Nuggets BGP Attributes Lab.zip
Objectives
Configure below Attributes:
Weight AS-Path Next Hop Address Origin Local Preference Metric
Configurations
- R1 Config
! interface Serial1/0 ip address 10.1.12.1 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.13.1 255.255.255.0 serial restart-delay 0 ! ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor 10.1.12.2 remote-as 5500 neighbor 10.1.13.3 remote-as 5500 no auto-summary !
- R2 Config
! interface Serial1/0 ip address 10.1.12.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.23.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip address 10.1.24.2 255.255.255.0 serial restart-delay 0 ! ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor 10.1.12.1 remote-as 5500 neighbor 10.1.12.1 next-hop-self neighbor 10.1.23.3 remote-as 5500 neighbor 10.1.24.4 remote-as 777 no auto-summary !
- R3 Config
! interface Serial1/0 ip address 10.1.23.3 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.13.3 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip address 10.1.36.3 255.255.255.0 serial restart-delay 0 ! router bgp 5500 no synchronization bgp default local-preference 700 bgp log-neighbor-changes neighbor 10.1.13.1 remote-as 5500 neighbor 10.1.13.1 next-hop-self neighbor 10.1.23.2 remote-as 5500 neighbor 10.1.36.6 remote-as 777 neighbor 10.1.36.6 route-map LOCAL_PREF in default-metric 200 no auto-summary ! ! ip access-list standard ROUTES_FOR_R2 permit 200.0.0.0 0.255.255.255 ip access-list standard ROUTES_FOR_R3 permit 150.1.50.0 0.0.0.255 permit 150.2.50.0 0.0.0.255 ! route-map LOCAL_PREF permit 10 match ip address ROUTES_FOR_R3 set local-preference 1000 ! route-map LOCAL_PREF permit 20 match ip address ROUTES_FOR_R2 set local-preference 10 ! route-map LOCAL_PREF permit 30 !
- R4 Config
! interface Serial1/0 ip address 10.1.45.4 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip address 10.1.24.4 255.255.255.0 serial restart-delay 0 ! router bgp 777 no synchronization bgp log-neighbor-changes neighbor 10.1.24.2 remote-as 5500 neighbor 10.1.45.5 remote-as 911 no auto-summary !
- R5 Config
! interface Loopback0 ip address 150.1.50.5 255.255.255.0 ! interface Loopback1 ip address 150.2.50.5 255.255.255.0 ! ! interface Serial1/0 ip address 10.1.45.5 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.57.5 255.255.255.0 serial restart-delay 0 ! ! router bgp 911 no synchronization bgp log-neighbor-changes redistribute connected route-map FILTER neighbor 10.1.45.4 remote-as 777 neighbor 10.1.57.7 remote-as 711 no auto-summary ! ! access-list 50 permit 150.1.50.0 access-list 50 permit 150.2.50.0 no cdp log mismatch duplex ! route-map FILTER permit 10 match ip address 50 !
- R6 Config
! interface Serial1/0 ip address 10.1.67.6 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip address 10.1.36.6 255.255.255.0 serial restart-delay 0 ! ! router bgp 777 no synchronization bgp log-neighbor-changes neighbor 10.1.36.3 remote-as 5500 neighbor 10.1.67.7 remote-as 711 no auto-summary !
- R7 Config
! interface Ethernet0/0 ip address 200.50.2.7 255.255.255.0 half-duplex ! interface Ethernet0/1 ip address 200.60.2.7 255.255.255.0 half-duplex ! ! interface Serial1/0 ip address 10.1.67.7 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.57.7 255.255.255.0 serial restart-delay 0 ! ! router bgp 711 no synchronization bgp log-neighbor-changes network 200.50.2.0 network 200.60.2.0 neighbor 10.1.57.5 remote-as 911 neighbor 10.1.67.6 remote-as 777 no auto-summary !
References
{{#widget:DISQUS |id=networkm |uniqid=BGP |url=https://aman.awiki.org/wiki/BGP }}