Basic BGP Notes in Short
as some like to call it. BGP is a routing protocol that is used mainly for:
Sharing prefixes (networks) between ISPs, which is what lets the Internet scale;
Multihoming an organization to several ISPs (Internet prefixes are learned from the ISPs, and the organization's own networks are advertised to them).
BGP is an Exterior Gateway Protocol (EGP). It differs from IGPs such as RIP, OSPF, IS-IS and EIGRP mainly in that it:
Uses TCP (port 179) for transport, so delivery of BGP messages between peers (routers) is reliable and ordered;
Scales to hundreds of thousands of routes, a table size an IGP could not carry;
Has no automatic peer discovery: every peer is configured manually on both sides, and a TCP session is only accepted from a configured neighbor address;
Carries several additional attributes besides prefix, mask and metric. Attributes are BGP's major advantage over other protocols, but they also make it more complex to configure.
BGP is political in nature when it comes to choosing best paths: the best path can be changed flexibly by manipulating attributes. IGPs, by contrast, have a fixed best-path algorithm (for example Dijkstra's Shortest Path First in OSPF and IS-IS) and choose purely by metric. It is much harder to manually influence the path an IGP chooses (you can change the cost of an interface, but you cannot set a different cost on the same interface for different destinations), whereas in BGP it is easy.
BGP may converge more slowly when failures occur, whereas IGPs usually converge faster.
Since BGP is not a link-state protocol, it does not share every prefix in its BGP table with every peer. It shares only its best routes, even though it may know several paths to the same destination.
BGP carries several attributes with each prefix. Since the routing table has no room for all those attributes, BGP keeps its own table where prefixes are stored with all their attributes. The BGP table is not used directly to route IP packets; BGP installs only its best path per prefix into the routing table, while keeping all known paths in its own table. On Cisco routers the installed route carries an administrative distance of 20 if it was learned over eBGP and 200 if it was learned over iBGP, so when a prefix is learned both from an IGP and over iBGP the IGP route wins, while an eBGP route beats any IGP route. Keeping the alternate paths allows for redundancy as well as load balancing.
Attributes are what make BGP so flexible and therefore interesting. Most are optional; only three are well-known mandatory and must be present in every UPDATE: Origin, AS Path and Next Hop.
Origin (well-known mandatory) indicates how the prefix was originally injected into BGP: "i" (IGP) when it was entered by the administrator with a network statement, "?" (incomplete) when it was redistributed from another routing protocol or from static routes, or "e" when it came from the obsolete EGP protocol.
Next hop (well-known mandatory) is the IP address that packets destined for the prefix should be forwarded towards. It lets a peer work out (via a recursive lookup) which interface to use to send packets to the appropriate border router.
AS4 Path (optional transitive) carries 32-bit AS numbers across routers that understand only 16-bit AS numbers; such routers see the placeholder AS 23456 (AS_TRANS) in the ordinary AS Path and pass the AS4 Path attribute along unchanged.
Cluster List (optional non-transitive) helps prevent loops when multiple route-reflector clusters are used in redundant (HA) designs. It works much like AS Path, collecting the sequence of Cluster IDs the update has traversed. This attribute exists only in iBGP and is not passed on to eBGP peers.
Finally, the BGP decision process, from highest to lowest priority. BGP chooses the best path by considering the many attributes attached to the multiple copies of one prefix, not a cost or metric as IGPs do. Since the administrator can change those attributes, the best path is ultimately a matter of administrator preference (policy). BGP also keeps the alternative paths in its table, so that when a prefix is no longer available (for example after a link failure, which BGP detects through the keepalive messages on the TCP session or through the TCP session itself dropping) a new best path is installed in the routing table.
At each step, if there is a tie, move on to the next step until a single best path remains to populate the routing table:
Next hop reachable: a route to the next-hop IP address must exist; a path whose next hop is unreachable is not considered at all.
Local preference: the highest local preference value wins. Local preference is a policy local to the AS (it is carried over iBGP but never sent to eBGP peers).
What is BGP?
In the early days the Internet used static routes, but network administrators very quickly could not keep updating their routing tables by hand. Later, Internet network admins used a protocol called EGP, but EGP was not scalable. BGP was introduced to solve these problems and more. BGP stands for Border Gateway Protocol; the current version is BGP4, specified in RFC 4271.
BGP is a routing protocol (software) that runs on routers. BGP allows for fully decentralized management of the Internet: if you have a BGP router on the Internet, you can tell all other routers what networks you have available, subject only to the filters your neighbors apply to what they accept from you (see the AS-path and prefix-list filtering sections later in these notes).
BGP calls each routing domain an autonomous system (AS). BGP is called a path vector routing protocol, and in the absence of local policy its main metric is shortest AS path: it selects the route that traverses the fewest autonomous systems.
Overview again: before we dive into BGP we need to know what BGP is and where and when we use it. BGP is the successor of EGP [Exterior Gateway Protocol] and is currently the only exterior gateway protocol deployed. BGP is a path-vector protocol (an enhanced form of distance vector) used for routing between Autonomous Systems [AS], also called interdomain routing, where an AS is a collection of networks under a single administration. BGP is used in several situations: service provider networks, multihomed customers, large enterprise networks, etc. Being path-vector means it tracks the path in terms of which ASes it passes through; it does NOT track the route through individual routers within an AS, and it does not itself perform load balancing or packet forwarding. BGP is the routing protocol of choice and is used by all the Network Service Providers (NSPs), such as UUNet, Sprint, Cable & Wireless, Level3 and Qwest at the time these notes were written. It is dynamic and handles outages and link failures fairly gracefully. To use BGP you must have a router that supports it, register an AS number, and contact your provider to set up a BGP session.
BGP has gone through three earlier revisions. The current version in use is BGP4, which is supported by most router manufacturers, including Cisco, Lucent/Bay, Juniper and many others, as well as by Unix and Linux programs such as Zebra.
Do I need to run BGP on my home or small business router?
The short answer is NO. You do not need to run BGP on your home or small business router. Internet Service Providers (ISPs) with multiple connections to the Internet use BGP to exchange routes with those other providers. If you have only a single connection to the Internet you do not need BGP, because you have no alternative path to select from and therefore no need for a routing protocol to choose the best one; a default route towards your provider is enough.
What if I want to run BGP?
If you want to run BGP, you will have to talk to your Internet Service Providers to see whether they will agree to peer with you via BGP, and you will have to show your need for it. Residential cable or DSL providers will not, as a rule, exchange BGP routes with you; BGP sessions are offered on business circuits (at the time of these notes, T1 speeds and above) by major (Tier 1 or Tier 2) Internet Service Providers.
Let's say that you have a T1 to Sprint and a T1 to AT&T. To run BGP you will have to obtain an autonomous system number and a block of public IP addresses to advertise. In the United States both can be obtained from the American Registry for Internet Numbers (ARIN); other regions are served by their own regional Internet registries (RIRs), which you can find through the ARIN International Community webpage. The regional registries are also the place to turn to when troubleshooting, to look up the owner and contact information for IP address blocks and AS numbers. There are also BGP looking glass servers on the Internet that let you view the status and BGP routing tables of Internet BGP routers from the outside.
With BGP, your router will download a full list of Internet routes from each of your ISPs (BGP neighbors). When these notes were written a full Internet BGP table was over 150,000 routes (it has grown several-fold since), so with two providers you download over 300,000 paths. Your router holds all of them in memory and compares them to find the best route for each prefix (by default the one with the shortest AS path), and only the best routes are put into the routing table.
As you might guess, you will need a strong router with a fast CPU and lots of RAM to process these BGP routes. I recommend at least
a Cisco 3800 series router with 1GB of RAM.
BGP Basics:
There are two types of BGP session, iBGP and eBGP: if the AS numbers of the peering routers are the same it is iBGP, if they differ it is eBGP.
BGP uses TCP as its reliable transport protocol and runs over TCP port 179.
Both routers try to open the TCP connection; if both attempts succeed at the same time (a connection collision), the session initiated by the router with the higher router-id is kept and the other is closed.
BGP uses Keepalive messages to detect the presence of its neighbor. The keepalive interval is 60 seconds and the holdtime 180 seconds by default [a 1:3 ratio]. Only the holdtime is carried in the Open message: peers use the lower of the two holdtimes proposed, and the keepalive interval is derived from it (one third).
BGP uses triggered updates, rate-limited by the advertisement interval: by default 5 seconds between successive updates for a prefix to an iBGP neighbor and 30 seconds to an eBGP neighbor.
If multiple paths exist for the same network, only one is selected as the best route and the remaining paths are kept in memory; a router propagates only its best routes to its neighbors.
If multipath load sharing is enabled, the router can select multiple paths to a single destination and install them in the routing table. If the same network was also learned from another routing protocol, the router compares the Administrative Distance [AD] and prefers the lower one.
BGP Split Horizon Rule: when a router receives an update it never sends it back to the neighbor it received it from.
iBGP Split Horizon Rule: routes learned from an iBGP neighbor are never sent to other iBGP neighbors, so all iBGP routers inside an AS need a full mesh (or route reflectors / confederations, covered below) for consistent routing decisions.
AS-Path loop prevention mechanism: when a router receives an update whose AS-Path already contains its own AS number, it silently ignores the update.
The next hops of eBGP-learned routes must be reachable from all BGP-speaking routers inside the AS. This is achieved either by redistributing the connected interfaces towards the eBGP peers into the IGP, by running the IGP on the eBGP peering interfaces but making them passive so that no IGP information is exchanged with the external neighbor, or by using the neighbor ip-address next-hop-self command so that the edge router announces itself as the next hop to its iBGP peers.
BGP sessions can be established between loopback interfaces. The IGP or static routes provide reachability between the loopbacks, and the update source of the session must be set with the neighbor ip-address update-source loopback number command so that the TCP connection comes from the address the far side has configured. For eBGP sessions between loopbacks you also need neighbor ip-address ebgp-multihop value, because eBGP packets are sent with a TTL of 1 by default.
The IGP is used inside an AS to provide the reachability required to establish iBGP sessions, to converge quickly after a physical failure on one of the multiple paths between iBGP routers, and to resolve next hops (the recursive lookup) for packet forwarding.
Checks before becoming a neighbor:
The TCP connection request must come from an IP address associated with a neighbor command (otherwise the connection is refused).
Well Known Mandatory Attributes:
Next-hop: the IP address of the router sending the update; by default it is changed when a route is advertised to an eBGP neighbor and left unchanged when advertised over iBGP.
Origin: indicates how BGP learned the route [i = IGP (network statement), e = EGP (obsolete), ? = incomplete (redistributed)].
Discretionary Well Known Attributes:
Atomic Aggregate: informs a neighbor router that the originating router aggregated the routes (some path information may have been lost).
Transitive Optional Attributes:
Aggregator: specifies the IP address and the AS number of the router that performed the aggregation.
Non-Transitive Optional Attributes:
Multi-Exit Discriminator [MED]: discriminates between multiple entry points into an AS; it is passed to the neighboring AS but not beyond.
Cost Community: used to influence best-path selection for iBGP and confederations only.
A single BGP process is started on the router with the router bgp as-number command.
Neighbors must be configured manually on both sides with the neighbor ip-address remote-as as-number command.
BGP uses TCP port 179; when both sides open a connection simultaneously, the session initiated by the router with the higher Router-id is retained.
The first state of the BGP session is Idle, in which the router is not attempting to establish the session; the router leaves Idle only once the configured neighbor IP address is reachable.
When the peers are correctly configured the state moves to Connect while the TCP connection attempt is in progress, and to Active if that attempt fails, meaning the router keeps retrying the connection while also listening for one from its neighbor.
When the TCP connection succeeds, the router sends an Open message containing the BGP session parameters and changes its state to OpenSent. The Open message contains [BGP version number, AS of the local router, Holdtime, Router-ID, Optional parameters (capabilities)].
If the neighbor router accepts the parameters in the Open message, it replies with its own Open message. The local router receives it, changes state to OpenConfirm and verifies the neighbor's parameters (for example that the AS number matches the configured remote-as). If they are accepted, a Keepalive message is sent as the signal of acceptance and the state changes to Established; otherwise a Notification is sent and the session returns to Idle.
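The Open exchange described above, written out as an added example (this is not code from the original notes): both sides encode an RFC 4271 OPEN message, the receiver checks the marker, length, version, hold time and the peer's AS against its configured remote-as, and the hold time and keepalive are negotiated the way the notes describe. The AS numbers, router IDs and hold times are constructed values; 32-bit AS numbers and capabilities are not shown.

```python
# Added example (not from the original notes): building and parsing the BGP
# OPEN message, and negotiating the session timers from two OPENs.
# AS numbers, router IDs and hold times below are constructed values.
import ipaddress
import struct

BGP_MARKER = b"\xff" * 16   # RFC 4271: all-ones marker on every message
BGP_OPEN = 1
BGP_VERSION = 4
HEADER_LEN = 19             # marker (16) + length (2) + type (1)
OPEN_FIXED_LEN = 10         # version, my AS, hold time, BGP identifier, opt param len


def build_open(my_as, hold_time, router_id, opt_params=b""):
    """Encode an OPEN message. my_as is the 16-bit field of the fixed part
    (a 32-bit ASN would be carried in a capability, which is not shown here)."""
    if hold_time != 0 and hold_time < 3:
        raise ValueError("Hold Time must be 0 or at least 3 seconds")
    body = struct.pack("!BHH4sB", BGP_VERSION, my_as, hold_time,
                       ipaddress.IPv4Address(router_id).packed, len(opt_params))
    body += opt_params
    return BGP_MARKER + struct.pack("!HB", HEADER_LEN + len(body), BGP_OPEN) + body


def parse_open(msg):
    """Decode an OPEN message, performing the checks a receiver must make."""
    if len(msg) < HEADER_LEN + OPEN_FIXED_LEN:
        raise ValueError("message too short")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:HEADER_LEN])
    if marker != BGP_MARKER:
        raise ValueError("connection not synchronised (bad marker)")
    if length != len(msg):
        raise ValueError("bad message length")
    if msg_type != BGP_OPEN:
        raise ValueError("expected OPEN, got type %d" % msg_type)
    version, my_as, hold_time, rid, opt_len = struct.unpack(
        "!BHH4sB", msg[HEADER_LEN:HEADER_LEN + OPEN_FIXED_LEN])
    if version != BGP_VERSION:
        raise ValueError("unsupported version %d" % version)
    if hold_time != 0 and hold_time < 3:
        raise ValueError("unacceptable hold time %d" % hold_time)
    opt = msg[HEADER_LEN + OPEN_FIXED_LEN:]
    if len(opt) != opt_len:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "as": my_as, "hold_time": hold_time,
            "router_id": str(ipaddress.IPv4Address(rid)), "opt_params": opt}


def negotiate_timers(local_hold, peer_hold):
    """Both sides take the smaller of the two hold times; 0 disables keepalives
    entirely. Cisco IOS derives the keepalive interval as one third of it."""
    hold = min(local_hold, peer_hold)
    return hold, (0 if hold == 0 else hold // 3)


def open_exchange(local, peer):
    """Simulate both sides of the OPEN exchange. Each side is a dict with
    'as', 'hold_time', 'router_id' and the 'remote_as' it was configured
    with; a mismatching peer AS is rejected, as the Bad Peer AS
    NOTIFICATION would do on a real router."""
    from_peer = parse_open(build_open(peer["as"], peer["hold_time"], peer["router_id"]))
    from_local = parse_open(build_open(local["as"], local["hold_time"], local["router_id"]))
    if from_peer["as"] != local["remote_as"] or from_local["as"] != peer["remote_as"]:
        raise ValueError("Bad Peer AS: OPEN does not match configured remote-as")
    hold, keepalive = negotiate_timers(local["hold_time"], peer["hold_time"])
    kind = "iBGP" if local["as"] == peer["as"] else "eBGP"
    return {"session": kind, "hold_time": hold, "keepalive": keepalive}


# Constructed peers: an eBGP session where the far side proposes a 90 s hold time.
LOCAL = {"as": 65001, "hold_time": 180, "router_id": "10.0.0.1", "remote_as": 65002}
PEER = {"as": 65002, "hold_time": 90, "router_id": "10.0.0.2", "remote_as": 65001}
```

Running open_exchange(LOCAL, PEER) yields an eBGP session with a 90 second hold time and a 30 second keepalive, which is exactly the "lower holdtime wins, keepalive is a third of it" rule from the notes.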
Next-hop: if the next hop is not reachable, the path is not considered and the route is not installed in the routing table.
For iBGP paths: prefer the path via the closest IGP neighbor [the next hop with the lowest IGP metric].
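Only two steps of the numbered decision list survive in these notes. As an added example (not code from the original notes), the following implements the Cisco-style best-path decision process in full as a chain of tie-breakers: unreachable next hops are discarded first, then weight, local preference, locally originated, AS-path length, origin, MED (compared only between paths from the same neighboring AS unless the always-compare-med behaviour is requested), eBGP over iBGP, IGP metric to the next hop, and finally router ID and neighbor address. The peers, AS numbers and attribute values in the sample are constructed.

```python
# Added example (not from the original notes): the Cisco-style BGP best-path
# decision process as a chain of tie-breakers. Peers, AS numbers, router IDs
# and attribute values in the sample below are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP preferred over EGP over incomplete


@dataclass
class Path:
    neighbor: str                 # address of the peer this path was learned from
    neighbor_as: int              # first AS in the path (used to scope MED)
    as_path: List[int]
    next_hop_reachable: bool = True
    weight: int = 0               # Cisco-local, higher wins (32768 for local routes)
    local_pref: int = 100         # AS-wide policy, higher wins
    locally_originated: bool = False
    origin: str = "i"
    med: int = 0                  # lower wins, compared per neighboring AS
    ebgp: bool = True
    igp_metric: int = 0           # IGP cost to the next hop, lower wins
    router_id: str = "0.0.0.0"


def _keep_best(paths, key, lowest):
    """Keep every path whose key equals the best (min or max) value."""
    best = (min if lowest else max)(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def _med_filter(paths, always_compare_med):
    """MED is only comparable between paths from the same neighboring AS
    unless 'bgp always-compare-med' is configured. A path survives if no
    comparable rival has a lower MED."""
    survivors = []
    for p in paths:
        rivals = [q for q in paths if always_compare_med or q.neighbor_as == p.neighbor_as]
        if p.med <= min(q.med for q in rivals):
            survivors.append(p)
    return survivors


def best_path(paths, always_compare_med=False):
    """Return (winning Path, name of the step that decided) or (None, reason)."""
    cands = [p for p in paths if p.next_hop_reachable]
    if not cands:
        return None, "no path with a reachable next hop"
    steps = [
        ("weight", lambda c: _keep_best(c, lambda p: p.weight, lowest=False)),
        ("local preference", lambda c: _keep_best(c, lambda p: p.local_pref, lowest=False)),
        ("locally originated", lambda c: [p for p in c if p.locally_originated] or c),
        ("AS path length", lambda c: _keep_best(c, lambda p: len(p.as_path), lowest=True)),
        ("origin", lambda c: _keep_best(c, lambda p: ORIGIN_RANK[p.origin], lowest=True)),
        ("MED", lambda c: _med_filter(c, always_compare_med)),
        ("eBGP over iBGP", lambda c: [p for p in c if p.ebgp] or c),
        ("IGP metric to next hop", lambda c: _keep_best(c, lambda p: p.igp_metric, lowest=True)),
        ("router ID", lambda c: _keep_best(c, lambda p: ipaddress.IPv4Address(p.router_id), lowest=True)),
        ("neighbor address", lambda c: _keep_best(c, lambda p: ipaddress.IPv4Address(p.neighbor), lowest=True)),
    ]
    for name, step in steps:
        cands = step(cands)
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "identical paths"


# Constructed sample: three paths to one prefix, two of them from the same
# neighboring AS (65001) with different MEDs, one from AS 65002.
SAMPLE = [
    Path("10.0.0.1", 65001, [65001, 65100], med=50, router_id="10.0.0.1"),
    Path("10.0.0.2", 65002, [65002, 65100], med=10, router_id="10.0.0.2"),
    Path("10.0.0.3", 65001, [65001, 65100], med=20, router_id="10.0.0.3"),
]
```

On SAMPLE the MED step only eliminates the 50 from AS 65001 (the 10 from AS 65002 is not comparable with it), and the tie is eventually broken on router ID; with always_compare_med=True the path with MED 10 wins at the MED step, which is the behavioural difference the MED section of these notes describes.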
Advertising Networks:
There are three ways to announce networks into BGP: the network command, redistribution from another routing protocol, and conditional route injection.
Whichever way is used, the AS-Path of the route starts out empty, indicating that the route is locally originated; as the route traverses other ASes, each forwarding router prepends its own AS number to the AS-Path when sending it to an eBGP neighbor.
The network command operates differently in BGP than in an IGP: it indicates which routes are to be injected into the BGP table, not which interfaces BGP runs over.
Using a route-map with the network command lets you alter Weight, Local Preference and MED, and tag the route (for example with a community).
Routes redistributed into BGP carry an origin of incomplete (?). Conditional Route Injection injects a route into BGP that has no matching route in the routing table; it is configured with the bgp inject-map map-name exist-map map-name command.
For a router to install a classful network in the BGP table when automatic summarization is enabled, a network statement with the classful mask and at least one subnet of that classful network must exist in the routing table.
When automatic summarization is enabled, all redistributed subnets are summarized to their classful network.
When automatic summarization is disabled, an exact match (prefix and mask) for the network statement must exist in the routing table.
Aggregation is the summarization of routes as they are advertised to other neighbors; it is configured with the aggregate-address ip-address mask command.
For an aggregate to be installed in the BGP table and advertised to neighbors, at least one route within the range of the aggregate must exist in the BGP table.
By default both the aggregate and the specific routes are advertised to neighbors; to advertise the aggregate only, use the summary-only keyword on the aggregate-address command.
Session protection:
MD5 authentication between BGP peers is enabled with the neighbor ip-address password password command (TCP MD5, RFC 2385). It stops an attacker who can spoof packets from injecting segments or resets into the session, but the key is static and shared and the algorithm is obsolete; where both ends support it, the TCP Authentication Option (RFC 5925) is the modern replacement.
TTL-Security (GTSM, RFC 5082): the peer sends its BGP packets with a TTL of 255, and the receiving router drops any BGP packet whose TTL is below 255 minus the configured hop count, so a remote attacker cannot reach the session from beyond that radius. It is supported for both directly connected and multihop eBGP peers and is configured with neighbor ip-address ttl-security hops hop-count, which cannot be combined with ebgp-multihop on the same neighbor.
Multihoming:
Multihoming is a customer being connected to a single ISP over multiple links, or to multiple ISPs.
Multihomed customers should run BGP with their ISPs using a public AS number and provider-independent address space.
Multihomed customers should advertise only their own address space to their ISPs and must not re-advertise routes learned from one ISP to another, to avoid becoming a transit AS between their ISPs (an outbound AS-path filter permitting only locally originated routes enforces this).
For influencing upstream ISP selection (outbound traffic), Weight and Local Preference can be used inside the multihomed customer's AS.
For influencing downstream ISP selection (inbound traffic), MED can be used when the customer is multihomed to a single ISP, since MED does not propagate beyond the neighboring AS; AS-path prepending can be used when the customer is multihomed to multiple ISPs, because the AS-path attribute propagates through all ASes.
AS-Path Filtering:
Use the ip as-path access-list number [permit/deny] as-regular-expression and neighbor ip-address filter-list access-list-number [in/out] commands.
Regular Expressions:
[123] [1-4] matches any single character from the set between the brackets.
Underscore (_) matches any delimiter [beginning of string, end of string, space, tab, comma, braces, parentheses]; so _65001_ matches AS 65001 anywhere in the path, while ^65001_ matches only paths received directly from AS 65001.
\ removes the special meaning of the character following it so it can be matched literally if it appears in the AS-Path, e.g. the ( ) used around confederation segments.
Prefix-List Filtering:
Prefix lists have some advantages over IP access lists: individual lines can be edited, inserted and deleted by sequence number, matching is on the prefix length (subnet mask) as well as the address, etc.
An entry with ge/le matches any route within the prefix whose length falls in the specified range (ge alone means from ge up to 32; le alone means from the entry's own length up to le); without ge/le only an exact prefix-and-length match is accepted. Entries are evaluated in sequence order, the first match wins, and there is an implicit deny at the end.
Configuration example:
ip prefix-list name seq number [permit/deny] prefix/length [ge value] [le value]
neighbor ip-address prefix-list name [in/out]
distribute-list prefix name out routing-process
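The ge/le semantics and first-match evaluation described above, as an added example (not code from the original notes). It parses IOS-style prefix-list lines and evaluates candidate routes against them; the list shown is a constructed inbound filter for a customer session that accepts only the customer's own /22 and nothing more specific than a /24 from it.

```python
# Added example (not from the original notes): evaluating an IOS-style prefix
# list against candidate routes. The list name, prefixes and routes are
# constructed; the list models a typical inbound filter from a customer.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class PrefixListEntry:
    seq: int
    action: str                    # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self) -> Tuple[int, int]:
        """Prefix lengths this entry accepts, following IOS semantics:
        no ge/le -> exact length; ge only -> ge..32; le only -> own length..le."""
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        if self.le is not None:
            high = self.le
        elif self.ge is not None:
            high = self.prefix.max_prefixlen
        else:
            high = self.prefix.prefixlen
        return low, high

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        low, high = self.length_range()
        return route.subnet_of(self.prefix) and low <= route.prefixlen <= high


def parse_prefix_list(lines: List[str]) -> List[PrefixListEntry]:
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]' lines
    and return the entries sorted by sequence number."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"] or "seq" not in tok:
            raise ValueError("not a prefix-list line: %r" % line)
        i = tok.index("seq")
        seq, action = int(tok[i + 1]), tok[i + 2]
        if action not in ("permit", "deny"):
            raise ValueError("bad action in %r" % line)
        prefix = ipaddress.IPv4Network(tok[i + 3], strict=False)
        ge = int(tok[tok.index("ge") + 1]) if "ge" in tok else None
        le = int(tok[tok.index("le") + 1]) if "le" in tok else None
        if ge is not None and le is not None and ge > le:
            raise ValueError("ge must not exceed le in %r" % line)
        entries.append(PrefixListEntry(seq, action, prefix, ge, le))
    return sorted(entries, key=lambda e: e.seq)


def evaluate(entries: List[PrefixListEntry], route: str) -> Tuple[str, Optional[int]]:
    """First matching entry wins; no match means implicit deny (seq None)."""
    net = ipaddress.IPv4Network(route, strict=False)
    for e in entries:
        if e.matches(net):
            return e.action, e.seq
    return "deny", None


# Constructed filter: refuse RFC 1918 space at any length and a default route,
# accept the customer's 198.51.100.0/22 and subnets of it down to /24.
CUSTOMER_IN = parse_prefix_list([
    "ip prefix-list CUST-IN seq 5 deny 10.0.0.0/8 le 32",
    "ip prefix-list CUST-IN seq 10 deny 0.0.0.0/0",
    "ip prefix-list CUST-IN seq 15 permit 198.51.100.0/22 le 24",
])
```

Note that seq 10 without ge/le matches only the default route itself, whereas "0.0.0.0/0 le 32" would match everything; mixing those two up is a common way to produce a filter that accepts or blocks far more than intended.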
Outbound Route Filtering (ORF):
ORF is a BGP capability that lets a router send its inbound prefix-list to a neighbor, which then applies it as an outbound filter towards that router, so the unwanted routes are never sent at all.
It is used to minimize the number of updates exchanged between neighbors and to reduce system resources on both sides.
Route-Map Filtering:
A route-map can match on: prefix-list/access-list, route originator, next-hop, origin, AS-path, community, IGP tag, IGP route type [internal/external].
Route-Map Continue Clause: like the match and set clauses, the continue clause is part of a route-map entry. When the entry's match is successful, the continue clause (if configured) jumps to the specified later route-map entry instead of stopping there; if the match fails, the continue clause is ignored and evaluation proceeds to the next entry as usual. If the entry has no match clause, the continue clause is taken automatically.
Related commands:
continue seq-number
match policy-list name
match ip address prefix-list name
match ip next-hop prefix-list name
match ip route-source prefix-list name
neighbor ip-address route-map name [in/out]
AS-Path Prepending:
Used to influence other ASes to select a specific return path towards an AS by making the other paths look longer.
Used to distribute the load of returning traffic for multihomed customers; in this case you have to monitor the traffic and prepend more or fewer copies of your AS as needed to reach the desired split.
To stay clear of BGP's AS-Path loop prevention mechanism, prepend only the AS number of the sending AS; prepending another AS's number would make that AS drop the route as a loop.
Service providers use AS-Path filters to accept only routes originated in the customer's AS. If the customer is going to use AS-Path prepending, the provider has to relax that filter to allow AS-Paths containing more than one copy of the customer's AS number (e.g. ^(65001_)+$ instead of ^65001$).
AS-Path prepending is applied with a route-map on a per-neighbor basis: route-map route-map-name permit 10 / set as-path prepend as-number [as-number ...] / neighbor ip-address route-map route-map-name out.
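The regular-expression rules from the AS-Path Filtering section and the prepending/loop-prevention behaviour described here, as one added example (not code from the original notes). It translates the IOS underscore delimiter into a Python regex, emulates an as-path access-list with first-match and implicit deny, and shows why a provider's origin-only filter breaks as soon as the customer prepends. The AS numbers (65001 customer, 65100 provider) are constructed.

```python
# Added example (not from the original notes): IOS-style AS-path regular
# expressions applied in Python, plus the prepending and loop checks that go
# with them. AS numbers (65001 customer, 65100 provider) are constructed.
import re
from typing import List, Tuple

# In IOS '_' matches any AS delimiter: start/end of path, space, comma,
# braces and parentheses. Python has no such token, so translate it.
_DELIM = r"(?:^|$|[ ,{}()])"


def ios_to_python_regex(pattern: str) -> str:
    return pattern.replace("_", _DELIM)


def as_path_matches(pattern: str, as_path: List[int]) -> bool:
    """Match an IOS as-path regex against an AS path given as a list of ASNs."""
    text = " ".join(str(asn) for asn in as_path)   # the 'show ip bgp' representation
    return re.search(ios_to_python_regex(pattern), text) is not None


def filter_list(entries: List[Tuple[str, str]], as_path: List[int]) -> bool:
    """Emulate 'ip as-path access-list': entries are (permit|deny, regex) in
    order; the first matching entry decides and there is an implicit deny."""
    for action, pattern in entries:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False


def advertise_to_ebgp(as_path: List[int], local_as: int, extra_prepends: int = 0) -> List[int]:
    """What an eBGP neighbor receives: our AS is always prepended once, and
    'set as-path prepend' adds extra copies in front of that."""
    return [local_as] * (1 + extra_prepends) + as_path


def accept_from_ebgp(my_as: int, as_path: List[int]) -> bool:
    """AS-path loop prevention: an update already carrying our own AS is ignored."""
    return my_as not in as_path


# Constructed scenario: customer AS 65001 originates a prefix; provider AS 65100
# filters inbound on the customer's AS.
ORIGIN_ONLY = [("permit", "^65001$")]             # breaks once the customer prepends
ALLOW_PREPENDS = [("permit", "^(65001_)+$")]      # what the provider must relax to
```

ALLOW_PREPENDS still rejects a path such as 65001 65002, so the customer cannot leak routes learned from another provider through this session, which is the transit-AS problem the Multihoming section warns about.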
neighbor ip-address local-as as-number options (used when migrating peerings to a new AS number, i.e. when an ISP buys another ISP and merges both networks into one):
no-prepend: does not prepend the local-as number to any routes learned from the eBGP peer.
replace-as: replaces the real AS number with the local-as number in the AS-path of routes sent to the peer, instead of carrying both.
dual-as: allows the eBGP session to be established using either the real AS number or the local-as number, so the peer can switch its configuration at its own pace.
Drawback: if the local-as number configured is one that already appears as the AS of one of the iBGP peers, that iBGP peer will see its own AS number in the AS-path when it receives the route and will ignore the route as a routing loop.
Multi-Exit Discriminator [MED]:
The default value is zero and, in comparison, the lower value is the better; to change the default for redistributed routes use the default-metric number command.
MED can be set in two ways:
Using a route-map (set metric).
Inherited from the IGP metric, either via the BGP network command or when redistributing into BGP.
MED is compared only between paths received from the same neighboring AS. If bgp always-compare-med is configured, MEDs from different ASes are compared as well.
Inside a confederation MED is not compared between member ASes; to compare it use bgp bestpath med confed.
RFC 4271 treats a route without a MED as having the lowest possible MED, and Cisco IOS follows this by treating a missing MED as zero (the best value). To treat a missing MED as the worst possible value (infinity) instead, use bgp bestpath med missing-as-worst.
bgp deterministic-med makes BGP group the paths by neighboring AS and pick the best within each group before comparing the groups, so the MED comparison no longer depends on the order in which the paths were received.
Communities:
By default communities are stripped from outgoing BGP updates; to send them, use neighbor ip-address send-community on a per-neighbor basis.
A route-map is used to set the community value; it can be applied with redistribution, the network command, the neighbor command (inbound or outbound) and the aggregate-address command.
In route-map configuration, the additive keyword adds the new community values to the ones already on the route; without it the existing communities are overwritten: set community value [value ...] [additive]
The ip bgp-community new-format command is recommended so that community values are shown and entered in AS:NN form rather than as one 32-bit number.
Community lists: all the values listed on one entry must be present on the route for that entry to match; if no entry matches, the list behaves like an access-list and denies the route.
Sequence numbers allow insertion and deletion of individual lines in a BGP extended community list.
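The two community notations, the additive keyword and the all-values-must-match rule of a community list, as an added example (not code from the original notes). Community values are constructed.

```python
# Added example (not from the original notes): the two community notations,
# 'set community' with and without additive, and the all-values-must-match
# rule of a community list. Community values below are constructed.
from typing import Iterable, List, Set, Tuple


def parse_community(text: str) -> int:
    """Accept both the old 32-bit form (e.g. '4259840100', which is 65000:100)
    and the new-format 'AS:NN'."""
    if ":" in text:
        asn, nn = (int(x) for x in text.split(":", 1))
        if not (0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFF):
            raise ValueError("each half of AS:NN must fit in 16 bits")
        return (asn << 16) | nn
    value = int(text)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must fit in 32 bits")
    return value


def new_format(value: int) -> str:
    """Render a community the way 'ip bgp-community new-format' shows it."""
    return "%d:%d" % (value >> 16, value & 0xFFFF)


def set_community(existing: Set[int], values: Iterable[str], additive: bool = False) -> Set[int]:
    """Emulate 'set community value [value ...] [additive]': without additive
    the new values replace whatever the route already carried."""
    new = {parse_community(v) for v in values}
    return existing | new if additive else new


def community_list_permits(entries: List[Tuple[str, List[str]]], route_communities: Set[int]) -> bool:
    """entries: (permit|deny, [values]) in order. An entry matches only if every
    value on it is present on the route; no match means implicit deny."""
    for action, values in entries:
        if {parse_community(v) for v in values} <= route_communities:
            return action == "permit"
    return False
```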
Cost Community:
Used to influence best-path selection for iBGP and confederations only (it is non-transitive and is not passed to eBGP peers).
The default value is 2147483647 and, in comparison, the lower value is the better.
The igp keyword sets the point of insertion [POI] to follow the IGP-metric comparison in the BGP route selection order. If the POI step is never reached during selection, the cost community is silently ignored.
DMZ Link Bandwidth:
Routes learned from a directly connected external neighbor propagate through the iBGP network carrying the bandwidth of the external link, so that iBGP routers can share traffic across exits in proportion to link bandwidth.
The neighbor ip-address dmzlink-bw command is used to advertise the bandwidth of the links used to exit the AS.
Route Reflectors:
When a Route Reflector receives a route update from a Route Reflector Client, it sends the route to all its other peers (clients, non-clients and eBGP peers).
When a Route Reflector receives a route update from a Non-Client (an ordinary iBGP peer), it sends the route to its Clients and eBGP peers only.
When a Route Reflector Client receives an iBGP route update, it sends it to its eBGP neighbors only (normal iBGP split-horizon behaviour).
When a Route Reflector Client receives an eBGP route update, it sends it to all of its neighbors.
With redundant Route Reflectors, Route Reflector Clusters are used to prevent routing loops: the Route Reflector adds its Cluster-id (to the Cluster-list) and an Originator-id (the router-id of the router that injected the route into the AS) to the route updates it reflects.
When a Route Reflector receives a route update whose Cluster-list already contains its own Cluster-id, it silently ignores the update.
When any router receives a route update whose Originator-id equals its own Router-id, it silently ignores the update.
When a Route Reflector receives two iBGP route updates for the same prefix, the non-reflected one [the one with no Originator-id] is preferred.
When a Route Reflector receives two iBGP route updates for the same prefix, the one with the shorter Cluster-list is preferred.
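The reflection and loop-prevention rules above applied by a route reflector, as an added example (not code from the original notes). Router IDs, cluster IDs and the peer roles in the sample topology are constructed; RR1 and RR2 share a cluster ID, which is the redundant-reflector case the notes describe.

```python
# Added example (not from the original notes): the reflection and loop-
# prevention rules applied by a route reflector. Router IDs, cluster IDs and
# the peer roles in the sample topology are constructed.
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: Optional[str] = None     # set by the first reflector
    cluster_list: Tuple[str, ...] = ()      # cluster IDs traversed, newest first


@dataclass
class RouteReflector:
    router_id: str
    cluster_id: str
    peers: Dict[str, str]   # peer router-id -> "client" | "nonclient" | "ebgp"

    def receive(self, update: Update, from_peer: str):
        """Return (reason_dropped, reflected_update, sorted list of target peers)."""
        if self.cluster_id in update.cluster_list:
            return "own cluster-id in CLUSTER_LIST", None, []
        if update.originator_id == self.router_id:
            return "own router-id as ORIGINATOR_ID", None, []
        role = self.peers[from_peer]
        others = [p for p in self.peers if p != from_peer]   # plain split horizon
        if role == "ebgp":
            out = update                                       # nothing is reflected
            targets = others                                   # eBGP route goes to everyone
        else:
            # An iBGP route being reflected: stamp originator and cluster list.
            out = replace(update,
                          originator_id=update.originator_id or from_peer,
                          cluster_list=(self.cluster_id,) + update.cluster_list)
            if role == "client":
                targets = others                               # clients, non-clients, eBGP
            else:
                targets = [p for p in others if self.peers[p] in ("client", "ebgp")]
        return None, out, sorted(targets)


# Constructed topology: RR1 and RR2 are redundant reflectors in cluster 1.1.1.1.
RR1 = RouteReflector("1.1.1.1", "1.1.1.1",
                     {"2.2.2.2": "client", "3.3.3.3": "client",
                      "4.4.4.4": "nonclient", "5.5.5.5": "ebgp"})
RR2 = RouteReflector("1.1.1.2", "1.1.1.1",
                     {"1.1.1.1": "nonclient", "2.2.2.2": "client", "3.3.3.3": "client"})
```

A route RR1 reflects from client 2.2.2.2 reaches RR2 via their non-client session already carrying cluster 1.1.1.1 in its Cluster-list, so RR2 drops it rather than reflecting it back to the clients; that drop is what keeps the redundant reflectors from looping the route between themselves.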
Confederations:
Confederations split the AS into smaller member ASes to reduce the number of BGP sessions needed for a full iBGP mesh.
Confederations eliminate the need for a full mesh across the whole AS; a full mesh is still needed inside each member AS, which can in turn be avoided by placing a Route Reflector inside the member AS.
When communicating with real eBGP neighbors, the member ASes are hidden and only the one external (confederation) AS number is announced to all real eBGP neighbors.
Intra-confederation eBGP sessions are used between member ASes; they differ slightly from real eBGP sessions in that they behave like iBGP in passing BGP attributes such as Local Preference, MED and Next Hop unchanged.
The entire confederation should use the same IGP, since all member ASes use the same next-hop IP addresses.
To configure confederations, list all member ASes of the confederation on each router that has an eBGP session:
router bgp member-as
bgp confederation identifier external-as
bgp confederation peers list-of-member-as
Peer Groups:
Used to configure multiple neighbors with similar requirements, and also as a BGP performance enhancement, since the router builds a single update for all peer group members, which reduces CPU load.
Peer group parameters can be overridden by per-neighbor configuration for inbound policy only; the outbound policy must be the same for all members, which is what makes the single shared update possible.
Peer group configuration:
neighbor group-name peer-group
neighbor group-name bgp-parameters
neighbor ip-address peer-group group-name
Route Dampening:
Each time an eBGP route flaps it is assigned 1000 penalty points; when the accumulated penalty exceeds the suppress limit the route is dampened (suppressed, i.e. no longer advertised). The penalty decays exponentially, halving every half-life; when it drops below the reuse limit the route is readvertised.
The flapping history of a route is forgotten once the penalty drops below half of the reuse limit.
With route dampening enabled, flapping routes are never removed from the BGP table; the route is kept and marked as history (h) or dampened (d).
To enable route dampening, use the bgp dampening [half-life reuse suppress max-suppress-time] [route-map route-map-name] command:
half-life: time in which the penalty is halved [default value is 15 minutes].
suppress: the limit above which a route's penalty causes it to be suppressed [default value is 2000].
reuse: the limit below which a route's penalty causes it to be unsuppressed [default value is 750].
max-suppress-time: no route is suppressed longer than this [default value is 60 minutes, i.e. four half-lives; maximum is 255 minutes]. Together with reuse and half-life it caps the penalty at reuse x 2^(max-suppress-time / half-life), 12000 by default.
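The dampening arithmetic above with the IOS defaults, as an added example (not code from the original notes): penalty accumulation and cap, exponential decay, the suppress and reuse thresholds, and the point at which history is forgotten. The flap times are constructed.

```python
# Added example (not from the original notes): route-flap dampening arithmetic
# with the IOS defaults. The flap times in the usage are constructed.
import math
from dataclasses import dataclass, field

FLAP_PENALTY = 1000.0     # penalty added per flap


@dataclass
class DampeningPolicy:
    half_life: float = 15.0           # minutes
    reuse: float = 750.0
    suppress: float = 2000.0
    max_suppress_time: float = 60.0   # minutes

    @property
    def max_penalty(self) -> float:
        """Penalty is capped so no route stays suppressed beyond max-suppress-time."""
        return self.reuse * 2 ** (self.max_suppress_time / self.half_life)

    def decay(self, penalty: float, minutes: float) -> float:
        return penalty * 0.5 ** (minutes / self.half_life)

    def minutes_until(self, penalty: float, threshold: float) -> float:
        """Time for an exponentially decaying penalty to fall below threshold."""
        if penalty <= threshold:
            return 0.0
        return self.half_life * math.log2(penalty / threshold)


@dataclass
class DampenedRoute:
    policy: DampeningPolicy = field(default_factory=DampeningPolicy)
    penalty: float = 0.0
    last_update: float = 0.0      # minutes
    suppressed: bool = False

    def _age(self, now: float) -> None:
        """Apply decay since the last event and update the flags it changes."""
        self.penalty = self.policy.decay(self.penalty, now - self.last_update)
        self.last_update = now
        if self.suppressed and self.penalty < self.policy.reuse:
            self.suppressed = False                  # readvertised
        if self.penalty < self.policy.reuse / 2:
            self.penalty = 0.0                       # flap history forgotten

    def flap(self, now: float) -> bool:
        """Record a flap at time `now` (minutes); return whether it is now suppressed."""
        self._age(now)
        self.penalty = min(self.penalty + FLAP_PENALTY, self.policy.max_penalty)
        if self.penalty > self.policy.suppress:     # must exceed, not merely reach
            self.suppressed = True
        return self.suppressed

    def state(self, now: float) -> str:
        """'dampened', 'history' (penalty remembered, still advertised) or 'clear'."""
        self._age(now)
        if self.suppressed:
            return "dampened"
        return "history" if self.penalty > 0 else "clear"

    def reuse_in(self) -> float:
        """Minutes from the last event until the route is readvertised."""
        if not self.suppressed:
            return 0.0
        return self.policy.minutes_until(self.penalty, self.policy.reuse)
```

With the defaults, two flaps bring the penalty to exactly 2000 and do not suppress (the limit must be exceeded); a third flap takes it to 3000, the route is readvertised after two half-lives (30 minutes), and its history is gone after three (45 minutes), since 3000 halves to 375 in that time.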
Useful commands:
show ip bgp flap-statistics [regexp regexp | filter-list access-list | ip-address mask [longer-prefix]]