BGP
Introduction
- Protocol Specifications
| Protocol Type | Path vector |
| Peering mechanism | Manual peering between neighbors |
| eBGP AD | 20 |
| iBGP AD | 200 |
| Rights | Open standard |
| Supported protocols | IPv4, IPv6 |
| Transport | TCP/179 |
| Update mode | Only triggered |
| Timers | Hello (60 sec) |
| Authentication | None, MD5 |
| Specifications | RFC 4271 |
- Usage applications
BGP is needed for redundancy of servers. BGP is not used for providing redundancy to users for internet access. Customer connected to multiple Internet service providers (ISPs). Service provider networks (Transit autonomous system). Network cores of very large enterprise networks (distribution or core layer)as a backup or redundant routing protocol due to its stability.
- Customer's Network will become a Transit Autonomous system if ISP traffic passes through your AS.
- Session Establishment facts
BGP neighbors are not discovered. They must be configured manually on both sides of the connection. TCP port 179 is used. Only one session remains if both connection attempts succeed.
- Without tuning behaves like RIP, considers AS as a Hop.
- BGP is an advanced Path Vector Protocol and has following advantages:
Reliable updates (using TCP) Triggered updates only Rich metric (Path attributes) Scalable to massive networks Updates are Incremental and Triggered
- Only 1 instance of BGP can be run on a router. It will show an error if running it with another AS Number.
BGP States
Idle Neighbor is not responding/Verifying Route to neighbor Active Attempting to connect Connect TCP session established OpenSent Open message sent OpenConfirm Neighbor replied with Open Message Active(2nd) Neighbor failed to reply or Mismatched Parameter Established Adjacency established
BGP Messages
Open Starts the Session Update Network Reachability Exchanges Keepalive Sent every 60 seconds Notification Always indicate something is wrong
BGP Tables
Neighbor Table Configured/Connected BGP Peers BGP Table List of All BGP Routes(Can be Huge) Routing Table List of Best Routes
BGP Route selection criteria[1]
Mnemonics: N-WLLA-OMNI
Full Internet BGP routing table is more than 300K routes and a BGP router can receive multiple copies of that routing table from multiple providers, router has to compare those multiple entries and select only the best route for the routing table. It uses the BGP Best Path Selection Algorithm to do this. Routes installed by different BGP instances are compared by the general algorithm, i.e. route distances are compared and the route with lower distance is preferred.
| Attribute | Which is better |
|---|---|
| Next Hop reachable | Route cannot be used if next hop is unreachable |
| Weight | Bigger |
| Local Preference | Bigger |
| Locally Injected | Locally injected is better than iBGP/eBGP learned |
| AS Path Length | Smaller |
| Origin | Prefer IGP over EGP & EGP over Unknown |
| MED | Smaller |
| Neighbor Type | Prefer eBGP over iBGP |
| IGP Metric to Next Hop | Smaller |
Filter with Route Maps
- Route maps are very powerful filtering tools, they can be used to accomplish the following tasks:
Filter on IP prefixes coming from a specific autonomous system Filter on other BGP attributes Modify BGP attributes
- Match clauses in the BGP route map can be based on the following:
IP network numbers and subnet masks (prefix list or access list) Route originator Next hop Origin code Tag value attached to an Interior Gateway Protocol (IGP) route Autonomous system path Community IGP route type
- With a route map, the following can be set:
Origin Next hop Weight Community Local preference MED
- You can apply a route map on incoming or outgoing routing information for a neighbor.
- The routing information must be permitted by the route map to be accepted.
- If the route map has no statement explicitly permitting a route, the route is implicitly denied and dropped.
- The syntax required is as follows:
Router(config-router)# neighbor ip-address route-map name in|out
What is a Route Reflector?[2]
 This section is under construction.
|
Synchronization
Do not Use or Advertize a route learned by iBGP unless the same has been learned by IGP as well. This is used to prevent the traffic form getting dropped by the intermediate routers.
Auto-Summarization
| This section is under construction.
|
Next Hop Processing
eBGP: Changes next hop address on advertized routes.
iBGP: Do not changes next hop address on advertized routes.
iBGP was designed to be run in Frame Relay, Ethernet:
[R1] [R3]
| |
---------
|
[R2]
Here if Peering is formed between R1-R2 & R2-R3.
Traffic from R1 can reach R3 directly if the next hop IP is not changed.
Else it needs to pass through R2 unnecessarily.
Can be changed with:
# neighbor 1.1.1.1 next-hop-self
BGP Split Horizon
Do not send updates that you receive from iBGP to other iBGP peers
Peer Groups
neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS next-hop-self neighbor IBGP_PEERS update-source lo1
neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 4.4.4.4 peer-group IBGP_PEERS
MED vs Local Preference
- Multi-Exit Discriminator
- The MED is an optional attribute that comes in handy when there are multiple entrance paths to an AS.
- The remote AS sets MED values to tell the other AS which path to use.
- The MED is passed between the two autonomous systems, but the value is not passed to any other ASs.
- The path with the lowest MED is the preferred path.
- This attribute is only used to influence entry INTO the AS.
- Local Preference
- LOCAL_PREF is a well-known attribute that is also used when multiple paths between autonomous systems exist.
- The LOCAL_PREF attribute is just that… local and exclusive to the AS.
- Routers within the local AS are told what path to use to exit that AS.
- The local preference value is passed only among iBGP peers, and this value never leaves the local AS.
EBGP vs IBGP
| EBGP | IBGP |
|---|---|
| Peering is between two different AS | Peering is between same AS |
| Routes learned from eBGP peer will be advertised to other peers(EBGP or IBGP) | Routes learned from IBGP peer will not be advertised to other IBGP peers, can be advertised to EBGP peer. |
| EBGP peers are set with TTL = 1, neighbors are assumed to be directly connected. Can change this behavior for EBGP by “neighbor x.x.x.x ebgp-multihop <TTL>”. Multihop is the term used in EBGP only. |
For IBGP peers dont need to be directly connected. |
| Routes have AD of 20 | Routes have AD of 200 |
| Next hop is changed on advertised routers | Next-hop IP will not be changed when adv prefixes to another IBGP |
Troubleshooting and Monitoring
| Command | Description |
|---|---|
| show ip bgp neighbor ip-address | Displays detailed neighbor information |
| show ip bgp | Displays all the routes in the BGP table |
| show ip bgp ip-prefix [mask subnet-mask] | Displays detailed information about all paths for a single prefix |
| debug ip tcp transactions | Displays all TCP transactions |
| debug ip bgp events | Displays significant BGP events |
| debug ip bgp keepalives | Debugs BGP keepalive packets |
| debug ip bgp updates | Displays all incoming or outgoing BGP updates |
| debug ip bgp updates acl | Displays all incoming and sent updates matching an ACL |
| debug up bgp ip-address update [acl] | Displays all BGP updates received from or sent to a specific neighbor |
- BGP route not installing, route reasons:
Synchronisation is enabled & route unknown by IGP(run 'no sync' command) Next Hop inaccessible (for iBGP run 'neighbor 1.1.1.1 next-hop-self' command) AS path includes the local AS Rejection by inbound policy
- Blackhole formed in iGBP if all internal routers not running BGP, Solution:
Redistribute into IGP: Full Routing Table redistribution not possible, Redistribute partial routing table/specific routes. Add a direct WAN Link between BGP Peers Run iBGP between Peers ?? Configure Route Reflector
- If any of the neighbors in below command output shows as in 'Active' state, it means some issue with the neighbor:
show ip bgp summary
- Use Loopback interface for forming peers in router having multiple links.
When using eBGP, peers will not come up when using loopback as they need to be directly connected and should not have a Hop.
Use ebgp-multihop command to resovle this issue:
# neighbor 1.1.1.1 ebgp-multihop 2
- There are 2 ways to advertise networks into BGP:
Network Command Redistribution
- When using Network command:
Below command will advertize 50.0.0.0/8 into BGP
network 50.0.0.0
Therefore advertize exact subnet only:
network 50.1.1.0 mask 255.255.255.0
- If the carot sign '>' is missing, the route is not the best one, so not installed in routing table:
* valid, > best, i - internal, r RIB-failure Network Next Hop Metric LocPrf Weight Path *> 10.1.1.1/32 0.0.0.0 0 32768 i *>i10.2.2.2/32 172.16.1.2 0 100 0 i
R&S Quick Notes
When using Communities, don’t forget “neighbor send-community” Know your attributes and the direction which applied, when to used what. “aggregate address” needs a more specific prefix in the BGP table for aggregate to be advertised. Synchronization issue has 3 solutions, 1- Load BGP on all transit routers, 2- GRE tunnel, 3- Redistribution BGP>IGP. “no bgp nexthop trigger” – Disables next-hop tracking between scanner intervals. “no bgp fast-ext-fallover” – Force the router to wait for the dead-timer to expire, before generating notification messages , when a connected peer goes down. “neighbor fall-over” – Will check neighbor connenctivity between scanner intervals, aka BGP Fast Peering. Only the Holdtime is sent in update-msg. Two neighbors will use the lowest holdtime and then calculate the keepalive from that. Know your Regular Expressions Know the difference between Peer-Groups and Peer-Templates
LAB
BGP Basic Lab
GNS3 File: File:cbt nuggets bgp lab.zip
Objectives
- Configure iBGP & eBGP
- Establish Neighbors using Loopback interfaces
- Using Update-Source command
- Using eBGP-Multihop command
- Advertising Networks into BGP
- Turn off BGP Auto-Summary
- BGP Synchronization
- BGP Handling of Next Hop Address
Configurations
- R1 Config
! interface Loopback1 ip address 1.1.1.1 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.13.1 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.12.1 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 4.4.4.4 remote-as 5500 neighbor 4.4.4.4 update-source Loopback1 no auto-summary !
- R2 Config
! interface Loopback1 ip address 2.2.2.2 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.24.1 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.12.2 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 1.1.1.1 peer-group IBGP_PEERS neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 4.4.4.4 peer-group IBGP_PEERS no auto-summary !
- R3 Config
! interface Loopback1 ip address 3.3.3.3 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.13.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.34.1 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 1.1.1.1 peer-group IBGP_PEERS neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 4.4.4.4 peer-group IBGP_PEERS no auto-summary !
- R4 Config
! interface Loopback1 ip address 4.4.4.4 255.255.255.255 ! ! interface Serial1/0 ip address 10.1.24.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/1 ip address 10.1.34.2 255.255.255.0 serial restart-delay 0 ! interface Serial1/2 ip address 10.1.45.1 255.255.255.0 serial restart-delay 0 ! ! router ospf 1 log-adjacency-changes network 0.0.0.0 255.255.255.255 area 0 ! router bgp 5500 no synchronization bgp log-neighbor-changes neighbor IBGP_PEERS peer-group neighbor IBGP_PEERS remote-as 5500 neighbor IBGP_PEERS update-source Loopback1 neighbor IBGP_PEERS next-hop-self neighbor 1.1.1.1 peer-group IBGP_PEERS neighbor 1.1.1.1 update-source Loopback1 neighbor 2.2.2.2 peer-group IBGP_PEERS neighbor 3.3.3.3 peer-group IBGP_PEERS neighbor 5.5.5.5 remote-as 6500 neighbor 5.5.5.5 ebgp-multihop 2 neighbor 5.5.5.5 update-source Loopback1 no auto-summary ! ip route 5.5.5.5 255.255.255.255 10.1.45.2 ! !
- R5 Config
! interface Loopback0 ip address 200.1.1.1 255.255.255.255 ! interface Loopback1 ip address 200.1.2.1 255.255.255.255 ! interface Loopback2 ip address 200.1.3.1 255.255.255.255 ! interface Loopback3 ip address 200.1.4.1 255.255.255.255 ! interface Loopback4 ip address 200.1.5.1 255.255.255.255 ! interface Loopback5 ip address 200.1.6.1 255.255.255.255 ! interface Loopback6 ip address 50.1.1.1 255.255.255.0 ! interface Loopback7 ip address 5.5.5.5 255.255.255.255 ! interface Serial1/2 ip address 10.1.45.2 255.255.255.0 serial restart-delay 0 ! ! router bgp 6500 no synchronization bgp log-neighbor-changes network 50.1.1.0 mask 255.255.255.0 redistribute connected route-map FILTER neighbor 4.4.4.4 remote-as 5500 neighbor 4.4.4.4 ebgp-multihop 2 neighbor 4.4.4.4 update-source Loopback7 no auto-summary ! ip route 4.4.4.4 255.255.255.255 10.1.45.1 ! ! ! access-list 50 permit 200.1.1.1 access-list 50 permit 200.1.2.1 access-list 50 permit 200.1.3.1 access-list 50 permit 200.1.4.1 ! route-map FILTER permit 10 match ip address 50 !
BGP Attributes Lab
Objectives
Configure below Attributes:
Weight AS-Path Next Hop Address Origin Local Preference Metric
References
{{#widget:DISQUS |id=networkm |uniqid=BGP |url=https://aman.awiki.org/wiki/BGP }}