Border Gateway Protocol Overview

This chapter covers basic Border Gateway Protocol (BGP) technology and path attributes, details BGP session establishment and routing information exchange, and describes basic IOS configuration and troubleshooting tasks. It includes the following topics:

• Objectives
• Introduction to BGP
• BGP path attributes
• BGP neighbor configuration and session
• BGP routing updates
• Simple BGP configuration
• Monitoring and troubleshooting of simple BGP
• Summary
• Review Questions

Upon completion of this lesson, you will be able to perform the following tasks:

• Explain the need for BGP and typical BGP usage
• Describe basic BGP technical characteristics
• Describe BGP path attributes
• Describe BGP session establishment and routing information exchange
• Configure basic BGP on Cisco router
• Monitor and troubleshoot basic BGP setup


BGP Overview

Copyright ©1999, Cisco Systems, Inc.

Introduction to BGP
Upon completion of this section, you will be able to perform the following tasks:

• Explain the need for interdomain routing
• Describe the need for external routing protocol
• List the basic BGP technical characteristics
• Identify typical BGP usage scenarios
• Explain BGP limitations



Interdomain Routing

[Figure: AS65000 and AS65001; labels OSPF, BGP, EIGRP]

• An autonomous system (AS) is a collection of networks under a single technical administration
• Interior routing protocol (IGP) is run inside an autonomous system resulting in optimum intra-AS routing
• Exterior routing protocol (EGP) is run between autonomous systems to enable routing policies and improve security

© 2000, Cisco Systems, Inc. www.cisco.com

When talking to people involved with Internet routing, the terms autonomous system, interdomain routing and interior and exterior routing protocols are commonly used. These terms, although confusing for a novice, are really extremely simple to grasp:

• An autonomous system (AS) is a collection of networks under a single technical administration. Some other definitions refer to a collection of routers or IP prefixes, but in the end they all mean the same entity. The important principle is the technical administration, which means sharing the same routing protocol and routing policy. Legal and administrative ownership of the routers does not matter in terms of autonomous systems. Autonomous systems are identified by AS numbers, 16-bit unsigned quantities ranging from 1 to 65535. Public AS numbers are assigned by Internet registries. For customers that need AS numbers to run BGP in their private networks, a range of private AS numbers (64512 – 65535) has been reserved.
• Interdomain routing is routing between autonomous systems. It is usually based on a set of policies, not just the technical characteristics of the underlying infrastructure.
• Exterior routing protocols (Border Gateway Protocol—BGP—being the only widely used one) are protocols that have the right set of functions to support the various interdomain routing policies. Contrary to them, interior routing protocols (for example, OSPF, RIP or EIGRP) only care about finding the optimum (usually fastest) route between two points, with no respect to routing policies.

Interdomain Routing Goals

• Scalability
    • Internet has over 80,000 routes and is still growing
• Secure routing information exchange
    • Routers from another autonomous system cannot be trusted
    • Tight filters are required, authentication is desirable
• Routing policies support
    • Routing between autonomous systems might not always follow the optimum path

The design goals for any interdomain routing protocol include the following:

• Scalability—interdomain routing protocol has to be able to support Internet routing, which consists of over 80,000 routes.
• Secure information exchange—as the routers from other autonomous systems cannot be trusted, tight filters on routing updates and router authentication are very desirable features.
• Support for routing policies—routing between autonomous systems might not always follow the optimum path and exterior routing protocols have to support a wide range of customer requirements.

Routing Policies - Case Study

[Figure: Service Provider (AS 10), Company X (AS 20), Company A (AS 1) and Company B (AS 2), connected by 2 Mbps links and one 64 kbps link]

Q: Assuming standard IGP route selection rules, how will the traffic between AS1 and AS20 flow?
Q: Will AS 2 allow this traffic?
Q: How would you solve this problem with OSPF or EIGRP?

To illustrate the need for interdomain routing protocol, refer to the above network diagram, where two companies are connected to the Internet via leased lines of differing speed.

In routing protocols other than BGP, routing decisions are normally made to take benefit of the highest bandwidth available. That would make traffic between AS1 and AS20 flow via AS2. This is not desirable by AS2, because it would make the users in Company A generate traffic on the Internet access line purchased and paid for by Company B.

Company B is unlikely to allow traffic from Company A to reach the Internet using Company B’s access line. Company B would easily achieve this goal by creating an access-list blocking all IP packets from AS1 transmitted on the 2Mbps serial line from Company B to the Internet. That action would create a black hole—Company A would send its packets to Company B and then Company B would drop them.

To avoid this situation, Company B must make sure that the packets from Company A, which are destined to the Internet, are never sent to Company B. Also, Company B must make sure that packets from the Internet destined to Company A are never sent over the Internet access line to Company B.

Company B could implement a routing policy, which indicates that AS2 will receive reachability information from AS1 for its own use, but AS2 will not forward that particular information to the Internet. Also, AS2 will receive reachability information about the Internet from its Internet service provider, but that information is never forwarded to AS1. Only networks local to AS2 are sent to AS1.

The result of this routing policy would be that AS1 sees all the networks within AS2 reachable over the 2Mbps link, which directly connects AS1 with AS2. AS1 will not see the rest of the Internet reachable through AS2. Therefore, AS1 forwards the packets toward the Internet directly over the 64kbps link.

Also, the IP networks in AS1 will appear reachable by AS2 over the 2Mbps link, which directly connects AS1 with AS2. However, the Internet Service Provider will not receive that reachability information from AS2, it will only receive it from AS1; therefore, traffic from the Internet to Company A will be transmitted over the 64kbps link.

This routing policy is easy to implement when using BGP, but impossible to implement with any other routing protocol. Link-state protocols, such as OSPF, cannot do powerful route filtering at all. EIGRP, for example, can do route filtering only on individual IP subnets, not on all prefixes belonging to an autonomous system. BGP, however, can do this, based on AS numbers, which makes it possible to scale over the Internet.

BGP Characteristics

• Distance-vector protocol with enhancements:
    • Reliable updates
    • Triggered updates only
    • Rich metrics (called path attributes)
• Designed to scale to huge internetworks

BGP is a distance vector protocol. This means that it will announce to its neighbors those IP networks that it can reach itself. The receivers of that information will say “if that AS can reach those networks, then I can reach them via it”.

If two different paths are available to reach one and the same IP subnet, then the shortest path is used. This requires a means of measuring the distance, a metric. All distance vector protocols have such means. BGP is doing this in a very sophisticated way by using attributes attached to the reachable IP subnet.

BGP sends routing updates to its neighbors by using a reliable transport. This means that the sender of the information always knows that the receiver has actually received it. So there is no need for periodical updates or routing information refreshments. Only information that has changed is transmitted.

The reliable information exchange, combined with the batching of routing updates also performed by BGP, allows BGP to scale to Internet-sized networks.

Reliable Updates

• Uses TCP as transport protocol
• No periodic updates
• Periodic keepalives to verify TCP connectivity
• Triggered updates are batched and rate-limited (every 5 seconds for internal peer, every 30 seconds for external peer)

The reliable transport mechanism used by BGP is the standard TCP protocol. BGP is an application protocol that uses the TCP and IP protocols for reliable connections.

Since a reliable transport is used, the sender will know that the receiver has actually received the transmitted information. This makes periodic updates unnecessary, and they are thus avoided.

A router which has received reachability information from a BGP peer must be sure that the peer router is still there. Otherwise traffic could be routed towards a next-hop router that is no longer available, causing the IP packets to be lost in a black hole.

TCP does not provide the service to signal that the TCP peer is lost, unless some application data is actually transmitted between the peers. In an idle state, where there is no need for BGP to update its peer, the peer could be gone without TCP detecting it. Therefore, BGP takes care of detecting its neighbor's presence by periodically sending small BGP keepalive packets to them. These packets are considered application data by TCP and must therefore be transmitted reliably. The peer router must also, according to the BGP specification, reply with a BGP keepalive packet.

A key design goal when BGP was created was to be able to handle enormous amounts of routing information in a very large and complex network. In this environment many links could go up and down causing topology changes, which must be considered by the routing protocol. But low convergence time and quick responses to topology changes require fast updates and high CPU power to process both incoming and outgoing updates. The larger the network is, the more updates per second could be expected if immediate response was required. This could jeopardize the scalability.

The designers of BGP decided that scalability was a more important issue than low convergence time, so BGP was designed to batch updates. Any changes received within the batch interval time are saved. At the end of the interval, only the remaining result is forwarded in an outgoing update. If a network flaps several times during the batch interval, only the state at the end of the interval is sent in an update.

The batching feature avoids an uncontrolled flood of updates all over the Internet as the amount of updates is throttled by the batching procedure.
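A simplified model of the batching behaviour described above, added here as an illustration and not taken from the course material or from any BGP implementation. The function name, the fixed-window timer and the sample prefixes and AS numbers are constructed for the example; the 30-second interval is the external-peer value from the slide.

```python
def batch_updates(events, interval, advertised=None):
    """Collapse route changes into at most one outgoing update per interval.

    events     -- (time_s, prefix, as_path) tuples in time order;
                  as_path None means the route was withdrawn
    interval   -- batch interval in seconds (fixed windows: a simplification)
    advertised -- what the neighbor was last told, as {prefix: as_path}
    Returns a list of (send_time_s, {prefix: as_path_or_None}) actually sent.
    """
    advertised = dict(advertised or {})
    pending, sent, window_end = {}, [], None

    def flush(send_time):
        # Only the state left at the end of the interval matters, and only
        # where it differs from what the neighbor already believes.
        changes = {p: v for p, v in pending.items() if advertised.get(p) != v}
        for prefix, path in changes.items():
            if path is None:
                advertised.pop(prefix, None)
            else:
                advertised[prefix] = path
        if changes:
            sent.append((send_time, changes))
        pending.clear()

    for time_s, prefix, path in events:
        end = (time_s // interval + 1) * interval
        if window_end is not None and end != window_end:
            flush(window_end)
        window_end = end
        pending[prefix] = path          # a later change overwrites an earlier one
    if pending:
        flush(window_end)
    return sent


# Constructed sample: one prefix flaps four times inside a single interval,
# another is announced, then withdrawn and re-announced with a longer path.
FLAPPING, OTHER = "203.0.113.0/24", "198.51.100.0/24"
EVENTS = [
    (1, FLAPPING, None), (4, FLAPPING, (65001,)),
    (9, FLAPPING, None), (12, FLAPPING, (65001,)),
    (20, OTHER, (65002,)),
    (41, OTHER, None), (50, OTHER, (65002, 65003)),
]


def demo():
    # The neighbor already knows the flapping prefix before the events start.
    return batch_updates(EVENTS, interval=30, advertised={FLAPPING: (65001,)})


if __name__ == "__main__":
    for send_time, changes in demo():
        print(f"t={send_time}s send {changes}")
```

Seven route changes become two outgoing updates, and the flapping prefix, which ends each interval in the state the neighbor already holds, produces none.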

Common BGP Usages

• Customer connected to one Internet Service Provider (ISP)
• Customer connected to several Service Providers
• Service Provider networks (transit autonomous systems)
• Service providers exchanging traffic at an exchange point (CIX, GIX, NAP …)
• Network cores of large enterprise customers

On the following pages, some typical scenarios where BGP is usable are described. These scenarios include customers connected to one or more service providers, as well as the Internet Service Provider (ISP) networks themselves. BGP is also used by some very large enterprises as their core routing protocol.

Single-homed Customers

• Large customer or small ISP connecting to the Internet

[Figure: Customer or small Service Provider connected by BGP to a Service Provider, which connects to the Internet]

The above scenario where a customer network is connected to the Internet using a single Internet Service Provider is generally not a case where BGP is used. A normal Internet access to a single ISP does not require BGP; static routes are more commonly used to handle this situation.

Small ISPs buying Internet connectivity from other ISPs use this type of connectivity more often, especially if they want to start their business the proper way—by using their own AS number and having their own address space.

Customer Connected to One ISP Usage Guidelines

Use BGP between the customer and the Service Provider:
• Customers multi-homed to the same Service Provider
• Customer that needs dynamic routing protocol with the Service Provider to detect failures
    • Hint: Use private AS number for these customers
• Smaller ISPs that need to originate their routes in the Internet

Use static routes in all other cases
• Static routes are always simpler than BGP

Under certain conditions, BGP must be used between the customer and the Service Provider. For example, when customers are multi-homed to the same service provider (that is, the customer networks have multiple links connecting them with the service provider network) and thus need dynamic routing protocol with the service provider to detect link failures. Private AS numbers (AS numbers above 64512) are usually used for these customers.

Customers that plan to connect to more than one ISP, and small ISPs that plan to have multiple Internet connections in the future, usually use BGP with their service provider. This option is used even when they have a single link with the service provider in order to be prepared for future upgrades.

In all other cases, using static routes from the service provider toward the customer and using default static route from the customer toward the service provider is the preferred method of provider—customer routing in the Internet.

Multi-homed Customers

• Customer connecting to several service providers (multi-homed customer)

[Figure: Multi-homed Customer connected by BGP to Service Provider #1 and Service Provider #2, both connected to the Internet]

The above figure illustrates a customer network connected to two different ISPs which requires the use of BGP for full redundancy. The customer must have its own officially assigned AS number.

The customer is responsible for announcing its own IP networks to both ISPs. Both ISPs forward all routes received from Internet to the customer network. The customer should avoid forwarding any routing information received from one ISP to the other. If the customer fails to avoid that, then the customer will become a transit provider between the two ISPs. This is something most customers like to avoid.

Full redundancy is achieved in this setup. If any of the two access links fails, the reachability information previously transmitted of the now failed link will be withdrawn. But reachability is still announced over the remaining link. So the Internet will still see all networks within the customer’s autonomous system as reachable, but only over the remaining path. Also, received routes from the Internet will be withdrawn when the link fails, but routes received over the remaining link are not affected. So the Internet, including the ISP to which the direct connection has failed, is still reachable over the remaining link.

Other problems are also handled by this design. A case where both access links are available, but the connection between one of the ISPs and the rest of the Internet is lost, works like this: The ISP, which has the problem to reach the rest of the Internet, withdraws all of those routes and thus tells the customer’s AS that it can no longer reach the rest of the Internet that way. But the networks local to the ISP with the problem are still reachable that way. So those routes are not withdrawn. The networks in the customer’s AS are still reachable by the ISP in trouble, but that ISP can no longer forward the announcement to the rest of the Internet. The rest of the Internet will, however, see the customer’s networks reachable over the path to the other ISP, which does not have any troubles.
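The rule given above for multi-homed customers (announce your own networks, never relay one neighbor's routes to another) is the same routing policy Company B (AS2) applies in the earlier case study. The following added example, which is not part of the course material, models that case-study topology and compares the paths each AS is offered with and without the policy. It is a simplified model: every loop-free path is offered rather than only the best one, the prefixes and the AS10-AS20 link speed are assumptions, and all function names are constructed.

```python
from collections import defaultdict

# Case-study topology. AS numbers and the 64 kbps / 2 Mbps speeds are from the
# page; the AS10-AS20 speed and all prefixes are assumptions for the example.
LINK_BPS = {
    frozenset({1, 10}): 64_000,      # Company A <-> Service Provider
    frozenset({1, 2}): 2_000_000,    # Company A <-> Company B
    frozenset({2, 10}): 2_000_000,   # Company B <-> Service Provider
    frozenset({10, 20}): 2_000_000,  # Service Provider <-> Company X (assumed)
}
PREFIX = {1: "192.0.2.0/24", 2: "198.51.100.0/24", 20: "203.0.113.0/24"}


def neighbors(asn):
    return sorted(next(iter(link - {asn})) for link in LINK_BPS if asn in link)


def export_everything(asn, as_path):
    """No policy: every AS relays whatever it has learned."""
    return True


def as2_local_routes_only(asn, as_path):
    """Company B's policy: AS2 announces only routes it originated itself."""
    # as_path is the path as held by `asn`; empty means the route is its own.
    return asn != 2 or not as_path


def propagate(export_ok):
    """Return learned[asn][prefix] = set of AS-paths offered to that AS."""
    learned = defaultdict(lambda: defaultdict(set))
    work = [(asn, prefix, ()) for asn, prefix in PREFIX.items()]
    while work:
        asn, prefix, as_path = work.pop()
        if not export_ok(asn, as_path):
            continue
        announced = (asn,) + as_path      # sender prepends its own AS number
        for peer in neighbors(asn):
            if peer in announced:         # own AS already in the path: a loop
                continue
            if announced not in learned[peer][prefix]:
                learned[peer][prefix].add(announced)
                work.append((peer, prefix, announced))
    return learned


def bgp_best(paths):
    """Shortest AS-path wins (the only selection step modelled here)."""
    return min(paths, key=lambda p: (len(p), p))


def igp_style_best(src, paths):
    """What a bandwidth-based metric would pick: lowest sum of 10^8 / bps."""
    def cost(path):
        hops = (src,) + path
        return sum(10**8 // LINK_BPS[frozenset(h)] for h in zip(hops, hops[1:]))
    return min(paths, key=cost)


if __name__ == "__main__":
    leaky, strict = propagate(export_everything), propagate(as2_local_routes_only)
    to_as20 = PREFIX[20]
    print("AS1 -> AS20, no policy:   ", sorted(leaky[1][to_as20]))
    print("  bandwidth metric picks: ", igp_style_best(1, leaky[1][to_as20]))
    print("AS1 -> AS20, AS2 policy:  ", sorted(strict[1][to_as20]))
    print("AS10 -> AS1, no policy:   ", sorted(leaky[10][PREFIX[1]]))
    print("AS10 -> AS1, AS2 policy:  ", sorted(strict[10][PREFIX[1]]))
```

Without the policy, AS1 and AS10 are each offered a path through AS2, and a bandwidth-based metric would choose it; with the policy, no path through AS2 exists in either direction, so nothing is black-holed and AS2 never carries transit traffic.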

Multi-homed Customer Usage Guidelines

• BGP is almost mandatory for multi-homed customers
• Multi-homed customers have to use public AS numbers
• Multi-homed customers should use provider-independent address space

The following usage guidelines apply to multi-homed customers:

• Although there are designs where BGP could be avoided, most multi-homed customers use BGP with their service providers
• The multi-homed customers must have their own AS number and it is recommended to use a public AS number
• Multi-homed customers should use a provider-independent address space which is allocated to them directly by an Internet registry.

Transit Autonomous System

• Using BGP to exchange routes is mandatory for transit autonomous systems (provider networks carrying customer traffic)

[Figure: Service Provider (Transit AS) connected by BGP to a Multi-homed Customer, to Another Service Provider and to the Internet, and by Static Routing to a Simple Customer]

BGP is used most commonly in service provider networks that ensure connectivity between their customers and the rest of the Internet. An ISP might exchange BGP updates with the customers or use static routing toward them. It also connects to other ISPs and is required to forward the routes received from the customers to the rest of the Internet, as well as in the other direction. When this is done, user data traffic starts to flow between the customers and the rest of the Internet. Such a network, providing transit services to traffic originated in other networks, is thus called a transit autonomous system.

A transit AS is an AS that exchanges BGP routing information with other ASes and forwards information received from one AS to other ASes. When routing information is forwarded, the receiver will see an available path to a destination and start transmitting user data towards the destination using that path. The transit AS must be prepared to relay the user data, as explained in the BGP Transit Autonomous System lesson.

The ISP networks could have dedicated peer-to-peer connections, using, for example, packet over SONET, POS. These connections are sometimes called private peering.

ISPs also interconnect at exchange points. Technically, an exchange point is just a multi-access subnet: a LAN (for example, a Fast Ethernet switch or a FDDI switch), a Gigabit Ethernet switch, a DTP ring or an ATM switch. Many ISPs can connect to an exchange point and establish BGP sessions, peer-to-peer.

The benefit of an exchange point is that it is highly scalable. There is no need for additional physical interfaces in the ISP's border router when a new ISP is launched. If the already established ISPs want to, they can open a BGP session with the new ISP. As a result, they start exchanging routing information and then user data traffic over the exchange point.

BGP Limitations

• BGP and associated tools cannot express all routing policies
• You cannot influence the routing policies of downstream autonomous systems

RFC 1771: “BGP does not enable one AS to send traffic to neighbor AS intending that the traffic take a different route from that taken by traffic originating in the neighbor AS”

BGP forwarding decisions are made based on IP destination address only. If the local AS has decided that the best path to reach a certain destination is via a specific next-hop router, then all user data traffic towards the final destination will be routed via that specific next-hop router, regardless of which IP host has sourced the IP packets. The decision is made based on destination address only; the source IP address does not affect the decision.

If an AS acts as a transit AS for some other AS, the IP packets created and transmitted from the other AS are not treated differently from the IP packets created and transmitted from the local AS.

RFCs Covering Baseline BGP4

1930  Guidelines for creation, selection, and registration of an Autonomous System
1774  BGP-4 Protocol Analysis
1773  Experience with the BGP-4 protocol
1772  Application of the BGP in the Internet
1771  A Border Gateway Protocol 4 (BGP-4)
1745  BGP4/IDRP for IP---OSPF interaction
1675  BGP MIB

This figure lists some of the RFC standard documents covering BGP version 4.

RFCs Covering Additions to BGP4

1965  Autonomous System Confederations for BGP
1997  BGP Communities Attribute
1998  An Application of the BGP Community Attribute in Multi-home Routing
2385  Protection of BGP sessions via the TCP MD5 Signature Option
2439  BGP Route Flap Damping
2796  BGP Route Reflection An alternative to full mesh IBGP

This figure lists additional RFC documents, covering additions to BGP4.

RFCs Covering BGP Extensions

2842  Capabilities Advertisement with BGP-4
2858  Multiprotocol extensions for BGP-4
2918  Route Refresh Capability for BGP-4

This figure lists RFC documents covering extensions to BGP-4.

Protocol Development Considerations

BGP was designed to perform well in
• Interdomain Routing application
• Huge internetworks with large routing tables
• Environments that require complex routing policies

Some design tradeoffs that were made
• BGP uses TCP for reliable transport - CPU intensive
• Scalability is the top priority - slower convergence

The designers of the BGP protocol have succeeded in creating a highly scalable routing protocol, which can forward reachability information between Autonomous Systems, also known as Routing Domains. They had to consider an environment with an enormous amount of reachable networks and complex routing policies driven by commercial rather than technical considerations.

TCP, a well-known and widely proven protocol, was chosen as the transport mechanism. That decision kept the BGP protocol simple, but it put an extra load on the CPU of the routers running BGP. The point-to-point nature of TCP might also introduce a slight increase in network traffic, as any update that should be sent to many receivers has to be multiplied into several copies, which are then transmitted on individual TCP sessions to the receivers.

Whenever there was a design choice between fast convergence and scalability, scalability was the top priority. Batching of updates and the relatively low frequency of keepalive packets are examples where convergence time has been second to scalability.

Summary

Well-known IP routing protocols, ranging from Routing Information Protocol (RIP) to Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP), perform well within the scope of a single administration (also called autonomous system), where all routers share the same routing policy and where each router can trust the routing information received from other routers. These protocols (also called interior routing protocols) are not suitable for environments where other reasons beyond technical optimality control the route selection or where the routing information received from neighboring routers cannot be trusted. These cases require the use of exterior routing protocol, Border Gateway Protocol (BGP) being the only one widely used today.

BGP is an enhanced distance vector protocol with reliable transport provided by TCP, a rich set of metrics called BGP path attributes and scalability features such as batched updates that make it suitable for very large networks (for example, the Internet). It is widely used for Internet connectivity of multi-homed customers, exchange of routing updates between ISPs and internal routing inside the ISP networks. BGP is sometimes also used in large enterprise networks that have exceeded the scalability of an interior routing protocol.

BGP implementation in Cisco IOS has a number of features and tools that allow you to express your desired routing policy. Nevertheless, BGP is still bound by the IP forwarding paradigm—the hop-by-hop destination-only routing. Routing policies that deviate from this paradigm (for example, routing based on source address or application) cannot be implemented with BGP.

Review Questions

• What is an autonomous system?
• What are the design goals of an interdomain routing protocol?
• When should you use BGP between a customer and a Service Provider?
• Which transport mechanism is used to exchange the BGP routing updates?
• What is BGP optimized for?

BGP Path Attributes

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Describe the concept of BGP path attribute
• Explain the difference between well-known and optional BGP attributes
• List common mandatory and optional BGP attributes
• Describe the functionality of AS-Path, Origin and Next-Hop attributes

BGP Path Attributes

• BGP metrics are called path attributes
• BGP attributes are categorized as well-known and optional
• Well-known attributes must be recognized by all compliant implementations
• Optional attributes are only recognized by some implementations (could be private), expected not to be recognized by everyone

Each BGP update consists of one or more IP subnets and a set of attributes attached to them.

Some of the attributes are required to be recognized by all BGP implementations. Those attributes are called well-known BGP attributes.

Attributes that are not well known are called optional. These could be attributes specified in a later extension of the BGP protocol or even private vendor extensions not documented in a standard document.

Well-known BGP Attributes

• Well-known attributes are divided into mandatory and discretionary
• Well-known mandatory attributes must be present in all update messages
• Well-known discretionary attributes are optional - they could be present in update messages
• All well-known attributes are propagated to other neighbors

There is a small set of three specific well-known attributes that are required to be present on every update. These three are the next-hop, AS-path and origin attributes. They are referred to as well-known mandatory attributes.

Other well-known attributes may or may not be present depending on the circumstances under which the updates are sent and the desired routing policy. The well-known attributes that could be present, but are not required to be present, are called well-known discretionary attributes.

When a router receives a BGP update, it will analyze the attached attributes and compare them with the attributes attached to the same IP subnet when received from a different source. The router then makes a decision which source indicates the best path to the particular IP subnet. The best route is propagated, along with its well-known attributes, to other BGP speaking neighbors.

Optional BGP Attributes

• Optional BGP attributes are transitive or nontransitive
• Optional transitive attributes
    • Propagated to other neighbors if not recognized. Partial bit set to indicate that the attribute was not recognized
• Optional non-transitive attributes
    • Discarded if not recognized
• Recognized optional attributes are propagated to other neighbors based on their meaning (not constrained by transitive bit)

When a router receives an update, which contains an optional attribute, the router checks if its implementation recognizes the particular attribute. If it does, then the router should know how to handle it and whether to propagate it or not.

If the router does not recognize the attribute, the BGP implementation should look for the transitive bit in the attribute code. Some attributes, although not recognized by the router, might still be helpful to other upstream neighbors and shall be propagated. These attributes (called optional transitive attributes) are propagated even when they are not recognized. If a router propagates an unknown optional transitive attribute, it will set an additional bit in the attribute header, called the partial bit, to indicate that at least one of the routers in the path did not recognize the meaning of an optional transitive attribute.

Other attributes might be of no value to upstream routers if some router in the path does not recognize them. These attributes (called optional non-transitive attributes) are dropped by routers that do not recognize them.
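The handling rules above, applied to the attribute section of an update as an added example (not code from the course material or from IOS). It parses the flags octet of each path attribute with bounds checks, then keeps, propagates with the partial bit set, or drops each one. The set of recognized type codes describes a hypothetical router that knows only the seven RFC 1771 attributes, type code 200 is a constructed stand-in for an unknown attribute, and the sample bytes are constructed.

```python
import struct

# Flag bits in the first octet of every path attribute (RFC 1771).
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Assumption: this hypothetical router recognizes ORIGIN(1), AS_PATH(2),
# NEXT_HOP(3), MULTI_EXIT_DISC(4), LOCAL_PREF(5), ATOMIC_AGGREGATE(6) and
# AGGREGATOR(7), but not COMMUNITIES(8).
RECOGNIZED = frozenset({1, 2, 3, 4, 5, 6, 7})


def parse_attributes(buf):
    """Yield (flags, type_code, value) per attribute; reject truncated input."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = buf[pos], buf[pos + 1]
        pos += 2
        if flags & EXT_LEN:               # two-octet length field
            if len(buf) - pos < 2:
                raise ValueError("truncated extended length")
            (length,) = struct.unpack_from("!H", buf, pos)
            pos += 2
        else:                             # one-octet length field
            length = buf[pos]
            pos += 1
        if pos + length > len(buf):
            raise ValueError(f"attribute {type_code} overruns the buffer")
        yield flags, type_code, bytes(buf[pos:pos + length])
        pos += length


def encode(flags, type_code, value):
    if flags & EXT_LEN:
        return bytes([flags, type_code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, type_code, len(value)]) + value


def forward_attributes(buf, recognized=RECOGNIZED):
    """Return (attribute bytes to pass on, [(type_code, action), ...])."""
    out, actions = bytearray(), []
    for flags, type_code, value in parse_attributes(buf):
        if type_code in recognized:
            action = "keep"               # handled by its meaning, not by flags
        elif not flags & OPTIONAL:
            raise ValueError(f"unrecognized well-known attribute {type_code}")
        elif flags & TRANSITIVE:
            flags |= PARTIAL              # tell later routers it passed unseen
            action = "propagate+partial"
        else:
            actions.append((type_code, "drop"))
            continue
        out += encode(flags, type_code, value)
        actions.append((type_code, action))
    return bytes(out), actions


# Constructed sample attribute section.
SAMPLE = b"".join([
    encode(TRANSITIVE, 1, b"\x00"),                                    # ORIGIN = IGP
    encode(TRANSITIVE, 2, struct.pack("!BBH", 2, 1, 65001)),           # AS_SEQUENCE [65001]
    encode(TRANSITIVE, 3, bytes([192, 0, 2, 1])),                      # NEXT_HOP
    encode(OPTIONAL | TRANSITIVE, 8, struct.pack("!HH", 65001, 100)),  # COMMUNITIES
    encode(OPTIONAL, 200, b"\x01"),                                    # unknown, non-transitive
])

if __name__ == "__main__":
    forwarded, actions = forward_attributes(SAMPLE)
    for type_code, action in actions:
        print(type_code, action)
    print(forwarded.hex())
```

A receiver that sees the partial bit on an attribute knows at least one router on the path passed it along without checking it, which is worth logging when that attribute drives filtering or route selection.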

Well-known Mandatory Attributes

• Origin
    • Specifies the origin of a BGP route
        IGP      Route originated in an IGP
        EGP      Route originated in EGP
        Unknown  Route was redistributed into BGP
• AS_Path
    • Sequence of AS numbers through which the network is accessible
• Next_Hop
    • IP address of the next-hop router

The three well-known mandatory attributes are origin, AS-path and next-hop.

• The origin attribute is set when the route is first injected into the BGP. If information about an IP subnet is injected using the network command or via aggregation (route-summarization within BGP) the origin attribute is set to IGP. If the IP subnet is injected using redistribution, the origin attribute is set to unknown or incomplete (these two words have the same meaning). The origin code, EGP, was used when the Internet was migrating from EGP to BGP and is now obsolete.
• The AS-path attribute is modified each time the information about a particular IP subnet passes over an AS border. When the route is first injected into the BGP the AS-path is empty. Each time the route crosses an AS boundary the transmitting AS prepends its own AS number to appear first in the AS-path. The sequence of ASes, through which the route has passed, can therefore be tracked using the AS-path attribute.
• The next-hop attribute is also modified as the route passes through the network. It is used to indicate the IP address of the next-hop router—the router to which the receiving router should forward the IP packets toward the destination advertised in the routing update.

Well-known Discretionary Attributes
• Local preference
  • Used for consistent routing policy within AS
• Atomic aggregate
  • Informs the neighbor AS that the originating router aggregated routes

Well-known discretionary attributes must be supported by all BGP implementations, but do not have to be present in all BGP updates. They are used when their functions are required.

Local Preference is used in the route selection process. The attribute is carried within an AS only. A route with a high local preference is preferred over a route with a low value. By default, routes received from peer AS are tagged with the local preference set to the value 100 before they are entered into the local AS. If this value is changed through BGP configuration, the BGP selection process is influenced. Since all routers within the AS get the attribute along with the route, a consistent routing decision is made throughout the AS.

The Atomic Aggregate attribute is attached to a route that is created as a result of route summarization (called aggregation in BGP). It signals that information that was present in the original routing updates may have been lost when the updates were summarized into a single entry.

Optional Attributes
• Non-transitive attributes
  • Multi_Exit_Disc – Used to discriminate between multiple entry points to a single autonomous system
• Transitive attributes
  • Aggregator – Specifies IP address and AS number of the router that performed route aggregation
  • Communities – Used for route tagging

One of the non-transitive optional attributes is the Multi-Exit-Discriminator (MED) attribute which is also used in the route selection process. Whenever there are several links between two adjacent ASes, multi-exit-discriminator may be used by one AS to tell the other AS to prefer one of the links over the other for specific destinations.

Transitive optional attributes include:

Aggregator identifies the AS and the router within that AS that created a route summarization, aggregate.

A Community is a numerical value that can be attached to certain routes as they pass a specific point in the network. The community value can then be checked at other points in the network for filtering or route selection purposes. BGP configuration may cause routes with a specific community value to be treated differently than others.

AS-Path
• The AS-path attribute is empty when a local route is inserted in the BGP table
• The sender’s AS number is prepended to the AS-path attribute when the routing update crosses AS boundary
• The receiver of BGP routing information can use the AS-path to determine through which AS the information has passed
• An AS that receives routing information with its own AS number in the AS-path silently ignores the information

The AS-path attribute is modified each time the information about a particular IP subnet passes over an AS border. When the route is first injected into the BGP, the AS-path is empty. The local AS number is prepended to the AS-path each time the route crosses AS boundary. There are several consequences of this behavior:

When examining BGP routes, the AS-path can be interpreted as the sequence of ASes that must be passed through in order to reach the indicated network. The AS that originally injected the route into BGP is always found in the rightmost end of the AS-path.

It is easy to distinguish local routes from routes received from other autonomous systems—BGP routes with an empty AS-path are injected into BGP within the local AS.

The AS-path attribute is also used to avoid routing loops. When a router receives a BGP update, it will check the AS-path attribute and look for its own AS number. If it is found in the AS-path, then the route has already crossed the local AS and obviously the router is faced with a routing information loop. To avoid this, the route is silently ignored.

AS-Path Example
• Sender’s AS number is prepended to AS path when the update crosses AS boundary

[Figure: AS 123 sends Network=10.0.0.0/8 with AS-Path=123 to AS 21; AS 21 sends it with AS-Path=21 123 to AS 37; AS 37 sends it with AS-Path=37 21 123 back to AS 123. Loop detected, incoming update is ignored.]

The figure above shows how the BGP loop prevention works. The network 10.0.0.0/8 is local to AS123. The router in AS123 injects the route 10.0.0.0/8 into BGP with an empty AS-path. The AS number 123 consequently never appears in the AS-path as long as the route is still within AS123. When the routing update about network 10.0.0.0/8 is sent from AS 123 to AS21, the AS number 123 is prepended to the empty AS-path, resulting in an AS-path consisting of only 123. The sending router does the prepending as part of the outgoing BGP update processing.

The router in AS21 propagates the information about the network 10.0.0.0/8 to AS37. As it is sending the BGP update to AS37, it prepends its own AS number to the AS-path, resulting in an AS-path consisting of the sequence of 21 123.

AS37 also propagates the received route to AS123. To avoid a routing loop, where AS123 might try to reach its own network (10.0.0.0/8) via AS37, BGP has a built in mechanism where the router in AS123 drops the incoming update as soon as it finds its own AS in the AS-path. No error will be signaled, since nothing is really wrong. It is merely the procedure used by BGP to avoid routing information loops.

Next-Hop Attribute
• Next-hop attribute indicates the next-hop IP address used for packet forwarding
• Usually set to the IP address of the sending BGP router
• Can be set to a third-party IP address to optimize routing

The BGP next-hop attribute identifies the IP address that should be used to forward packets toward the destination announced in the BGP routing update. In most cases, the sending router sets the next-hop attribute to its own IP address. There are cases, however, where the next hop IP address points to a third router.

Next-Hop Processing
• Next-hop is usually set to the IP address of the sending router

[Figure: Rtr-B in AS 21 announces Network=21.0.0.0/8 with AS-Path=21 and Next-hop = 10.0.0.1 to Rtr-A in AS 123; Rtr-A announces it with AS-Path=123 21 and its own address as next-hop to Rtr-C in AS 37.]

The figure above shows the usual next-hop processing:

RTR-B announces network 21.0.0.0/8 to RTR-A. The outgoing IP address of RTR-B (the address used to establish BGP TCP session) is used as the BGP next hop.

RTR-A receives the routing update and installs it in its BGP table and routing table. Should RTR-A need to forward packets toward network 21.0.0.0/8, it would send those packets toward the IP address 10.0.0.1 (RTR-B).

When RTR-A propagates the information about 21.0.0.0/8 to RTR-C, it sets the BGP next hop to its own IP address.

Next-Hop Processing on Shared Media
• If the receiving BGP router is in the same subnet as the current next-hop, the next-hop address is not changed to optimize packet forwarding

[Figure: Rtr-B (AS 21), Rtr-A (AS 123) and Rtr-C (AS 37) attached to one shared subnet. Rtr-B announces Network=21.0.0.0/8 with AS-Path=21 and Next-hop = 10.0.0.1; Rtr-A announces it to Rtr-C with AS-Path=123 21 and the next-hop unchanged.]

The next-hop processing changes if the BGP routers connect to a shared subnet. In the figure above, if the RTR-A announces the network 21.0.0.0/8 to RTR-C with the BGP next-hop being RTR-A, the packets from AS 37 toward network 21.0.0.0/8 would have to cross the shared LAN twice. RTR-A thus sends the routing update toward RTR-C with the BGP next-hop unchanged (still pointing toward RTR-B), allowing optimal data transfer across the shared LAN.

Note: More formally, the BGP next-hop rule states: If the current BGP next-hop is in the same IP subnet as the receiving router, the next-hop is not changed, otherwise it is changed to the IP address of the sending router.
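The AS-path and next-hop rules described in the last few pages, as one small model of outgoing and incoming EBGP update processing. This is an added example, not part of the original course material; the link addresses and subnet masks are constructed for illustration (the figures do not state masks).

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()   # empty while the route is still inside its originating AS
    next_hop: str = ""    # empty for a route just injected locally


def send_ebgp(route, local_as, local_ip, peer_ip, link_subnet):
    """Outgoing update processing when the update crosses an AS boundary."""
    net = ipaddress.ip_network(link_subnet)
    keep = (route.next_hop
            and ipaddress.ip_address(route.next_hop) in net
            and ipaddress.ip_address(peer_ip) in net)
    # Next-hop rule: unchanged if the current next-hop shares the receiver's subnet,
    # otherwise the sender's own address.
    next_hop = route.next_hop if keep else local_ip
    # The sender prepends its own AS number so that it appears first in the AS-path.
    return replace(route, as_path=(local_as,) + route.as_path, next_hop=next_hop)


def receive_ebgp(route, local_as):
    """Incoming update processing: silently ignore a route that already crossed us."""
    return None if local_as in route.as_path else route


def loop_demo():
    """10.0.0.0/8 travels AS123 -> AS21 -> AS37 -> AS123, as in the AS-Path Example."""
    seen = []
    r = Route("10.0.0.0/8")
    r = send_ebgp(r, 123, "192.0.2.1", "192.0.2.2", "192.0.2.0/30")
    seen.append(r.as_path)
    r = send_ebgp(receive_ebgp(r, 21), 21, "192.0.2.5", "192.0.2.6", "192.0.2.4/30")
    seen.append(r.as_path)
    r = send_ebgp(receive_ebgp(r, 37), 37, "192.0.2.9", "192.0.2.10", "192.0.2.8/30")
    seen.append(r.as_path)
    return seen, receive_ebgp(r, 123)   # last value is None: loop detected


def next_hop_demo():
    """21.0.0.0/8 from RTR-B to RTR-A, then on to RTR-C over two kinds of link."""
    from_b = send_ebgp(Route("21.0.0.0/8"), 21, "10.0.0.1", "10.0.0.2", "10.0.0.0/24")
    # RTR-C on the same LAN as RTR-B: next-hop stays at RTR-B.
    shared = send_ebgp(from_b, 123, "10.0.0.2", "10.0.0.3", "10.0.0.0/24")
    # RTR-C on a separate link: RTR-A sets itself as next-hop.
    separate = send_ebgp(from_b, 123, "10.1.0.5", "10.1.0.6", "10.1.0.4/30")
    return from_b, shared, separate


if __name__ == "__main__":
    print(loop_demo())
    for r in next_hop_demo():
        print(r)
```

The loop check depends entirely on what the neighbor put into the AS-path, so it detects honest loops only; it says nothing about whether the path is authentic.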

Next-Hop Processing on NBMA Network
• BGP next-hop processing can break connectivity with improper network designs over partially-meshed WAN networks

[Figure: Rtr-B (AS 21), Rtr-A (AS 123) and Rtr-C (AS 37) connected over Frame Relay in one subnet. Rtr-A passes Network=21.0.0.0/8, AS-Path=123 21 to Rtr-C with the next-hop still pointing at Rtr-B. Connectivity is broken. Rtr-C cannot reach next-hop 10.0.0.1.]

BGP next-hop processing results in optimum data transfer over shared media (for example, a LAN subnet). In partially meshed networks (like Frame Relay), the BGP next-hop processing can break IP connectivity. Consider, for example, the network diagram above: RTR-A will send routing update about network 21.0.0.0/8 to RTR-C with RTR-B being the next-hop (as they are all in the same subnet). As there is no direct connection (virtual circuit) between RTR-C and RTR-B, and RTR-C tries to send packets directly toward RTR-B, the connectivity between AS 37 and AS 21 is broken.

There are two ways to solve the connectivity loss introduced by this design:
• Use the subinterfaces on RTR-A to make sure that RTR-B and RTR-C are in different subnets (and BGP next-hop processing would ensure that RTR-A is the BGP next-hop in the outgoing BGP updates)
• Disable the BGP next-hop processing on RTR-A (this option is strongly discouraged in normal BGP designs—routing problems should be solved with proper design, not the other way round).

Summary

BGP metrics attached to a BGP route are called path attributes. Some path attributes are well known and should be recognized by every BGP implementation. Some of the well-known attributes are mandatory and have to be present in every BGP update. These attributes are AS-path, next-hop and origin. Other well-known attributes are discretionary—for example local preference. The attributes that are not required to be recognized by every BGP implementation are called optional. These attributes could be transitive (propagated if not recognized) or non-transitive.

The BGP attributes used in every BGP network are:
• AS-path, which lists the autonomous systems, which the routing update has already crossed. AS-path is used for BGP loop detection as well as one of the parameters in BGP route selection.
• Next-hop, which specifies the IP address that is to be used for packet forwarding. BGP next-hop is usually set to the IP address of the BGP router sending the update. If the current next-hop and the receiving router are in the same IP subnet, the next-hop is not changed to optimize the actual data forwarding.
• Origin, which was primarily used in EGP to BGP migration. Today the origin attribute has the value internal for routes configured in BGP by the network administrator or unknown for routes redistributed into BGP.

BGP Path Attribute Summary
Well-known mandatory attributes
• Recognized by everyone, always present
• AS-Path, Next-Hop, Origin
Well-known discretionary
• Recognized by everyone, optional
• Local Preference, Atomic Aggregate
Optional transitive
• Might not be recognized, propagated if not
• BGP Community, Aggregator
Optional non-transitive
• Might not be recognized, dropped if not
• Multi-exit-discriminator

Review Questions
• What is a BGP Path Attribute?
• Which BGP Path Attributes must be carried with each update?
• List three well-known mandatory attributes?
• How are the optional transitive attributes propagated between BGP neighbors?
• How do the BGP routers detect routing loops?
• When is the next-hop attribute different from the IP address of the sending router?

BGP Neighbor Configuration and Session Establishment

Objectives
Upon completion of this section, you will be able to perform the following tasks:
• Explain the need for static neighbor configuration
• Describe the BGP session establishment procedures
• Describe the TCP MD5 signature protection and its benefits for BGP

BGP does not Auto-discover Neighbors
• BGP neighbors are not discovered - they must be configured manually
• Configuration must be done on both sides of the connection
• Both routers will attempt to connect to the other with a TCP session on port number 179
• Only one session will remain if both connection attempts succeed
• Source IP address of incoming connection attempts is verified against a list of configured neighbors

Unlike other routing protocols, BGP has no means of auto-detecting neighbors. The BGP protocol is carried in a TCP session, which must be opened from one router to the other. In order to do so, the router attempting to open the session must be configured to know to which IP address to direct its attempts.

The router that receives the incoming connection attempts does not answer them if the attempts are not from one of the configured neighbors. The IP source address of the connection attempt packet (TCP SYN packet) is verified against the list of IP addresses that the router itself would direct its connection attempts to.

In order to succeed in the connection attempts, both routers are required to be configured to reach each other. A side effect to this is that they will both attempt to connect. This side effect adds robustness to the session establishment process, but it also introduces the risk that two BGP sessions are established between a pair of BGP routers. If this happens, both routers will recognize the problem and one of the sessions is torn down. Two parallel BGP sessions between two routers are not allowed. The router-ID is used for this verification, not the IP addresses used for the sessions. This means that the two routers will recognize that they have multiple sessions even though they might be connected over different IP subnets.

www.0.4.0. Inc.5 AS 123 1.cisco.4.7 3. Cisco Systems.0/8 2.6 Rtr-B Rtr-A 3.Small BGP Network Used in Following Examples AS 21 21.0/8 2.3.6 Rtr-C AS 37 37.0/8 © 2000.0.0.0. Inc.4.com BGP_Overview—Page-43 The network displayed above serves as the sample network to generate printouts in the following examples.5. 23-40 BGP Overview Copyright ©1999.4. Cisco Systems. .5.0.3.

BGP Neighbors - Idle State
• Initially all BGP sessions to the neighbors are idle

Rtr-A#show ip bgp sum
BGP table version is 1, main routing table version 1

Neighbor   V   AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State
2.3.4.5    4   21       0       0      0   0    0 never   Idle
3.4.5.6    4   37       0       0      0   0    0 never   Idle

The show ip bgp summary command gives an overview of the BGP status. Each configured neighbor is listed. The IP address to which the connection attempts are directed is shown, along with BGP version number, the remote AS number, some counter values, the status of the session and how long ago the session changed state.

The idle state indicates that the router is currently not attempting any connection establishments.

• TCP session is established when the neighbor becomes reachable
• BGP Open messages are exchanged

Rtr-A#debug ip tcp transactions
Rtr-A#debug ip bgp events
0:06:17: BGP: 2.3.4.5 went from Idle to Active
0:06:22: TCB0012A910 created
0:06:22: TCB0012A910 setting property 0 12A8B4
0:06:22: TCB0012A910 bound to 2.3.4.6.11003
0:06:22: TCP: sending SYN, seq 3142900499, ack 0
0:06:22: TCP0: Connection to 2.3.4.5:179, advertising MSS 1460
0:06:22: TCP0: state was CLOSED -> SYNSENT [11003 -> 2.3.4.5(179)]
0:06:22: TCP0: state was SYNSENT -> ESTAB [11003 -> 2.3.4.5(179)]
0:06:22: TCP0: Connection to 2.3.4.5:179, received MSS 1460, MSS is 1460
0:06:22: TCB0012A910 connected to 2.3.4.5.179
0:06:22: BGP: 2.3.4.5 went from Active to OpenSent
0:06:22: BGP: 2.3.4.5 went from OpenSent to OpenConfirm
0:06:22: BGP: 2.3.4.5 went from OpenConfirm to Established

Before any connection attempt is made, the BGP peer relation must have left the Idle state and entered the Active state. For a BGP session between two routers in different ASes, this happens when the remote router’s IP address becomes reachable on a directly connected interface.

The debug output shows how the router creates a socket data structure and binds it to its local IP address 2.3.4.6 and a high port number 11003. Then a TCP SYN packet is sent to the configured peer router’s IP address 2.3.4.5 and the well-known destination port 179. The connection attempt succeeds and the TCP session is now ready to transfer the BGP information.

The first BGP information sent is the BGP open message. The BGP session now goes from state Active to state OpenSent while waiting for the other router to respond. If the peer router accepts the parameters in the open message, it responds with its own open message. When the local router receives this message, state goes from OpenSent to OpenConfirm. The local router now verifies the peer router’s parameters in its open message. If they are accepted, a keepalive packet is sent to signal this. State is now Established.

BGP Open
The BGP Open message contains:
• BGP Version number
• My Autonomous System number
• Hold Time
• BGP Router Identifier
• Optional Parameters




The parameters in the BGP open message are:

Version number—the suggested version number. The highest common version that both routers support will be used. Most BGP implementations today use BGP version 4.

AS number—the local router’s AS number. The peer router will verify this information. If it is not the AS number expected the BGP session is torn down.

Hold time—the number of seconds that may elapse between receptions of successive BGP messages. If the time is exceeded the peer will be considered dead. The two routers will agree to use the lowest suggested value. When the session is established, both routers will use keepalive messages to make sure the hold timer does not expire. A suggested hold-timer value of 0 indicates that the timer never expires and no keepalives should be sent.

BGP identifier—a number uniquely identifying the router. The Cisco router will use one of its IP addresses for this, the Router-ID. This is selected as the numerically highest IP address of any loopback interface. If there is no loopback interface, it will use the highest IP address of any interface being up at the time of starting the BGP process.

Optional Parameters—are Type-Length-Value encoded. An example of optional parameters is session authentication.
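The fields listed above, laid out on the wire and checked the way a receiving router would check them. This is an added example, not part of the original course material: the byte layout follows the BGP-4 specification, the acceptance logic is a sketch that supports version 4 only, the router ID and AS number are taken from the sample network, and the optional parameter bytes are constructed.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16   # every BGP message starts with 16 octets of ones
HEADER_LEN = 19         # marker (16) + length (2) + type (1)
OPEN = 1


def build_open(my_as, hold_time, bgp_id, opt_params=b"", version=4):
    """Encode an Open message: version, my AS, hold time, BGP identifier, optional parameters."""
    body = struct.pack("!BHH4sB", version, my_as, hold_time,
                       ipaddress.IPv4Address(bgp_id).packed, len(opt_params)) + opt_params
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), OPEN) + body


def parse_open(msg):
    """Decode an Open message, rejecting anything whose lengths do not add up."""
    if len(msg) < HEADER_LEN + 10 or msg[:16] != MARKER:
        raise ValueError("not a BGP message or too short for Open")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != OPEN or length != len(msg):
        raise ValueError("wrong message type or length field")
    version, my_as, hold, ident, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    opts = msg[29:]
    if opt_len != len(opts):
        raise ValueError("optional parameter length mismatch")
    params, i = [], 0
    while i < len(opts):                       # Type-Length-Value walk
        if i + 2 > len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated optional parameter")
        params.append((opts[i], opts[i + 2:i + 2 + opts[i + 1]]))
        i += 2 + opts[i + 1]
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "bgp_id": str(ipaddress.IPv4Address(ident)), "params": params}


def evaluate_open(peer, expected_as, local_hold_time, local_version=4):
    """Return (accepted, reason, negotiated hold time) for a parsed Open."""
    if peer["version"] != local_version:
        return False, "unsupported version", None   # this sketch does not retry with a lower version
    if peer["my_as"] != expected_as:
        return False, "unexpected AS number", None   # session is torn down
    hold = min(local_hold_time, peer["hold_time"])    # lowest suggested value wins
    if hold in (1, 2):
        return False, "unacceptable hold time", None  # BGP-4 allows 0 or at least 3 seconds
    return True, "ok", hold                           # 0 means no keepalives, timer never expires


# Constructed sample: Rtr-B (AS 21, router ID 2.3.4.5) proposing 180 seconds,
# with one optional parameter of type 1 carrying a single constructed byte.
SAMPLE_OPEN = build_open(21, 180, "2.3.4.5", opt_params=bytes([1, 1, 0]))

if __name__ == "__main__":
    parsed = parse_open(SAMPLE_OPEN)
    print(parsed)
    print(evaluate_open(parsed, expected_as=21, local_hold_time=90))
```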



BGP Neighbors - Steady State
• All neighbors shall be up (no state info)

Rtr-A#show ip bgp sum
BGP table version is 10, main routing table version 10
3 network entries (3/6 paths) using 516 bytes of memory
3 BGP path attribute entries using 284 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory

Neighbor   V   AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcvd
           4   21      17      22     10   0    0 0:01:47 27
           4   37      11      17     10   0    0 0:07:07 35




Once the BGP sessions are in the Established state routing information exchange can take place. The show ip bgp summary output indicates that a session is established by not displaying any information at all in the state column. The counter values show how many messages have been received and sent on the session.

InQ shows how many messages have been received but not yet processed. A high InQ number indicates lack of CPU resources to process the input. OutQ shows how many outgoing messages are queued. A high OutQ number indicates lack of bandwidth to transmit the outgoing messages or CPU overload of the other router.

Table version is used to track the changes that need to be sent to the neighbors. There is a major table version number for the local BGP table. This is displayed on the first line of output from this show command. There is also one table version number maintained for each of the neighbors. This is displayed on the neighbors’ information line. Whenever a change is entered into the BGP table, the major table version number is incremented and the changed route is tagged with this number.

When the time comes to update a specific neighbor, the BGP table is scanned and all the changes with the version numbers between the neighbor version and current table version are sent to the BGP neighbor in a single BGP routing update. Once the entire table is scanned and all changes have been sent to the neighbor, the table version number of the neighbor is set to the highest value of the routes being sent. A table version of a neighbor, which is lower than the major table version, indicates that the neighbor is not yet fully updated. The update interval for a neighbor in another AS is normally 30 seconds.



In addition to the information about all sessions to all neighbors, the output also shows the amount of memory being used for the BGP data structures.



MD5 Authentication
• BGP Peers may optionally use MD5 TCP authentication using shared secret
• Both routers must be configured with the same password (MD5 shared secret)
• Each TCP segment is verified

Authentication between BGP neighbors can be negotiated using optional parameters in the Open Message. If MD5 authentication is being used, every TCP segment on the BGP session will be transmitted along with a checksum. The checksum is calculated together with a secret known by the two routers using the MD5 algorithm. The common secret is never transmitted on the network. If the receiver, which is using the same common secret, calculates the same checksum from the TCP segment, then the receiver can be pretty sure that the information is transmitted from the correct source and the information has not been altered. Authentication of BGP sessions is a vital tool to avoid denial of service attacks.
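What "a checksum calculated together with a secret" covers, following the TCP MD5 signature option as specified in RFC 2385. This is an added example, not part of the original course material: the digest input is the TCP pseudo-header, the base TCP header with its checksum taken as zero and options excluded, the segment data, and the shared key. The segment and password below are constructed, with addresses and ports borrowed from the sample session.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6


def tcp_md5_signature(src_ip, dst_ip, tcp_header, payload, key):
    """Compute the 16-byte digest a sender places in the TCP MD5 signature option."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    base = bytearray(tcp_header[:20])   # options are excluded from the digest
    base[16:18] = b"\x00\x00"           # checksum field is assumed to be zero
    segment_len = len(tcp_header) + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, segment_len))
    return hashlib.md5(pseudo + bytes(base) + payload + key).digest()


def verify_segment(src_ip, dst_ip, tcp_header, payload, key, received_digest):
    """Receiver side: recompute with the locally configured secret and compare."""
    expected = tcp_md5_signature(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(expected, received_digest)


def sample_segment():
    """Constructed segment: Rtr-A (2.3.4.6:11003) sends a BGP keepalive to Rtr-B (2.3.4.5:179)."""
    header = struct.pack("!HHIIBBHHH",
                         11003, 179,     # source and destination port
                         3142900500, 1,  # sequence and acknowledgement numbers
                         5 << 4, 0x18,   # data offset 5 words, flags PSH+ACK
                         16384, 0xBEEF,  # window, checksum (ignored by the digest)
                         0)              # urgent pointer
    keepalive = b"\xff" * 16 + struct.pack("!HB", 19, 4)
    return header, keepalive


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    hdr, data = sample_segment()
    digest = tcp_md5_signature("2.3.4.6", "2.3.4.5", hdr, data, secret)
    print(digest.hex())
    print(verify_segment("2.3.4.6", "2.3.4.5", hdr, data, secret, digest))
    print(verify_segment("9.9.9.9", "2.3.4.5", hdr, data, secret, digest))
```

Because the source and destination addresses and the sequence number are part of the digest input, a segment injected by someone who does not know the secret fails verification even when its addresses and ports match the session.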

Summary

When using interior routing protocols, adjacent routers are usually discovered through a dedicated hello protocol. In BGP, the neighbors have to be configured manually to increase the routing security. BGP neighbors, once configured, establish a TCP session and exchange the BGP Open message, which contains the parameters each BGP router proposes to use. Once these parameters are acceptable to both neighbors, the BGP routing updates can start to flow.

An optional MD5 authentication can be used to prevent spoofing, denial-of-service attacks or man-in-the-middle attacks. With the MD5 authentication configured, the two BGP neighbors sign every TCP segment with an MD5 checksum which is based on the contents of the segment and a shared secret that is never exchanged across the network.

Review Questions
• How are BGP neighbors discovered?
• Which steps must be taken before a BGP session is established?
• Which information is carried in a BGP Open message?
• What are the benefits of using MD5?

BGP Routing Updates

Objectives
Upon completion of this section, you will be able to perform the following tasks:
• Describe BGP data structures
• Explain how BGP announces networks local to an Autonomous System
• Describe the processing of incoming BGP updates
• Explain the BGP route selection process
• Describe the propagation of the best BGP routes to other BGP neighbors

BGP in Action
BGP routing information exchange contains the following steps:
• Receiving BGP routing updates
• Building BGP table
• BGP Route selection
• BGP Route propagation
• Building IP routing table
• Advertising local networks

The actions taken by BGP after the session is established will be described in the following figures.

Receiving Routing Update
• Information from the BGP tables is exchanged after adjacency establishment

[Debug output of debug ip bgp update on Rtr-A at 1:24:11: UPDATEs received from 2.3.4.5 about 21.0.0.0 255.0.0.0 (path 21, metric 0) and about 37.0.0.0 255.0.0.0 (path 21 37, metric 0), both with next hop 2.3.4.5; one received update is denied; nettable_walker calls revise_route, which installs 21.0.0.0/255.0.0.0 via 2.3.4.5.]

Once the BGP session is established, routing updates start to arrive. Each BGP routing update consists of one or more entries (routes). Each route is described by the IP address and subnet mask along with any number of attributes. The nexthop, AS-path and origin attributes must always be present. Other BGP attributes are optionally present.

The debug output shows how information about network 37.0.0.0/8 is received from neighbor 2.3.4.5. The neighbor indicates that IP packets to destination IP addresses in network 37.0.0.0/8 can be forwarded to the next-hop address 2.3.4.5. The AS-path 21 37 indicates that the final destination is in AS37 but the packets have to pass through AS21 in order to get there. Metric is the multi-exit-discriminator value.

Building BGP Table
• All inbound updates are placed into the BGP table

Rtr-A#show ip bgp
BGP table version is 16, local router ID is 1.2.3.4
Status codes: s suppressed, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network      Next Hop     Metric LocPrf Weight Path
*> 1.0.0.0      0.0.0.0           0         32768 i
*  21.0.0.0     3.4.5.6                         0 37 21 i
*>              2.3.4.5           0             0 21 i
*> 37.0.0.0     3.4.5.6           0             0 37 i
*               2.3.4.5                         0 21 37 i

All routes received from a neighbor are saved in the router’s memory. Therefore, there is no need to retransmit or refresh any unchanged information. When there is more than one way to reach a particular network the local router selects one of them as the best. If that alternative is later lost, because the neighboring router withdraws the route (or the neighboring router is no longer reachable), the remaining alternatives are still stored in memory and a new alternative is selected as the best without involving other BGP routers.

The command show ip bgp gives an overview of all received routing information from all neighbors. Basic information about each route is displayed on a single line. The output is sorted—different alternatives to reach the same network are displayed on consecutive lines. The network number is displayed only on the first lines indicating the same network. The network column is left blank on the consecutive lines indicating alternatives to reach the same network. Only one of the alternatives is selected as the best path toward the destination. This alternative is indicated with the ’>’ sign.

BGP Route Selection Criteria
• Exclude routes with inaccessible next-hop
• Prefer highest weight (local to router)
• Prefer highest local-preference (global within AS)
• Prefer routes that the router originated
• Prefer shorter AS paths (only length is compared)
• Prefer lowest origin code (IGP < EGP < Unknown)
• Prefer lowest MED
• Prefer external (EBGP) paths over internal (IBGP)
• For IBGP paths, prefer path through closest IGP neighbor
• For EBGP paths, prefer oldest (most stable) path
• Prefer paths from router with the lower BGP router ID

When a router has more than one alternative route to reach the same IP subnet (network and mask) the router has to select one of them as best. The selection process is made using the BGP attributes attached to the different updates. The selection criteria are checked in the order indicated below. The first of the checks that indicates a difference is used. Then no further testing is done.

Step 1 Check if the next-hop attribute indicates an IP address which is reachable according to the current forwarding table. It is not necessary to have a direct connection to the next-hop. It can very well be several router-hops away and the route to it learned by the IGP. If the next-hop is not reachable, the BGP route is not considered a candidate to become selected the best.

Step 2 Prefer route with higher weight. The weight is not carried with the updates, it is a value assigned to the route by the local router and considered only within the router itself.

Step 3 If the local preference attributes are different, the route with the highest value is selected best.

Step 4 If one of the routes is injected into the BGP table by the local router, the local router prefers it to any routes received from other BGP routers.

Step 5 At this point, the lengths of the AS-paths are compared (the content is not checked, only the number of ASes in each AS-path is counted). The route with the shortest length is selected.

Step 6 If the AS-path lengths are the same, the origin code is checked. An origin code indicating IGP is preferred before EGP. Unknown is the last alternative.

Step 7 Multi-Exit-Discriminator (MED) values are, normally, only compared if the updates are received from the same neighboring AS. Routes with lower MED are preferred.

Step 8 At this point it is clear that the destination network is outside the local AS and that there is not much difference between the alternatives. So, if any of the alternatives are received from a BGP peer in another AS, that alternative is preferred.

Step 9 If all alternatives are received from peer routers in the local AS, each of them indicates an exit point and the closest exit is used. Since the IP packets to the destination network must leave the AS it is better that they do that sooner than later. Distance to the exit point is calculated by comparing the IGP costs toward the BGP next-hops, as indicated in the forwarding table.

Step 10 If all alternatives are received from external BGP neighbors the most stable path (the oldest path) is preferred.

Step 11 The final test is made only after all other checks are made. This means that the alternatives are equally good. If the router still cannot differentiate the routes, it nevertheless has to make a decision and select the best route. It checks the BGP sessions on which it received the updates and chooses the route received on the session where the peer router has the lower BGP router ID.

BGP Route Selection

• Best routes to the destination networks are selected from the BGP table

as123#show ip bgp
BGP table version is 4, local router ID is 1.2.3.4
Status codes: s suppressed, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop          Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                0         32768 i
*> 21.0.0.0         3.4.5.6                            100 37 21 i
*                   2.3.4.5                0             0 21 i
*> 37.0.0.0         3.4.5.6                0           100 37 i
*                   2.3.4.5                              0 21 37 i

In this example the router in AS123 can reach network 21.0.0.0/8 via two paths, one of them via neighbor 3.4.5.6 in AS37 and then to AS21, the second straight to AS21 through neighbor 2.3.4.5. In this example, the weight is set to 100 for the alternative via AS37 and the other alternative does not have the weight set. This means that the check made at point 2 concludes that the route via AS37 is selected the best. Likewise, network 37.0.0.0/8 is reached via AS37 because the weight indicates it as the best.
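The selection order described above, applied to the two 21.0.0.0/8 paths from the show ip bgp output, as an added Python example (not part of the original course material). The Path fields, the local-preference default of 100 and the peer router IDs are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP < EGP < unknown/incomplete


@dataclass
class Path:
    next_hop: str
    as_path: List[int]               # empty for routes this router originated
    origin: str = "i"
    weight: int = 0                  # local to the router, never sent in updates
    local_pref: int = 100            # assumed default; blank in the chapter's table
    med: int = 0
    ebgp: bool = True                # learned from a peer in another AS
    igp_cost: int = 0                # IGP cost toward next_hop
    age_seconds: int = 0
    peer_router_id: str = "0.0.0.0"  # placeholder value
    local: bool = False              # injected by this router
    next_hop_reachable: bool = True


def keep_lowest(paths, key):
    """Keep every path that ties for the lowest key value."""
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def med_filter(paths):
    """Step 7: MED is compared only between paths from the same neighboring AS."""
    return [p for p in paths
            if not any(q.as_path[:1] == p.as_path[:1] and q.med < p.med
                       for q in paths)]


def router_id_key(path):
    return tuple(int(octet) for octet in path.peer_router_id.split("."))


# Steps 2-11 in the chapter's order; step 1 is the reachability filter below.
STEPS = [
    ("2: highest weight", lambda c: keep_lowest(c, lambda p: -p.weight)),
    ("3: highest local preference", lambda c: keep_lowest(c, lambda p: -p.local_pref)),
    ("4: locally originated", lambda c: keep_lowest(c, lambda p: not p.local)),
    ("5: shortest AS path", lambda c: keep_lowest(c, lambda p: len(p.as_path))),
    ("6: lowest origin code", lambda c: keep_lowest(c, lambda p: ORIGIN_RANK[p.origin])),
    ("7: lowest MED", med_filter),
    ("8: EBGP over IBGP", lambda c: keep_lowest(c, lambda p: not p.ebgp)),
    ("9: closest IGP exit",
     lambda c: c if c[0].ebgp else keep_lowest(c, lambda p: p.igp_cost)),
    ("10: oldest EBGP path",
     lambda c: keep_lowest(c, lambda p: -p.age_seconds) if c[0].ebgp else c),
    ("11: lowest peer router ID", lambda c: keep_lowest(c, router_id_key)),
]


def select_best(paths: List[Path]) -> Tuple[Optional[Path], str]:
    """Return the best path and the step that last narrowed the candidates."""
    candidates = [p for p in paths if p.next_hop_reachable]
    if not candidates:
        return None, "1: no reachable next-hop"
    decided = "1: next-hop reachable"
    for name, step in STEPS:
        if len(candidates) == 1:
            break                    # first check that separates the paths wins
        narrowed = step(candidates)
        if len(narrowed) < len(candidates):
            decided = name
        candidates = narrowed
    return candidates[0], decided


def chapter_paths(weight_via_as37: int) -> List[Path]:
    """The two 21.0.0.0/8 paths from the chapter's table (router IDs constructed)."""
    return [
        Path("3.4.5.6", [37, 21], weight=weight_via_as37, peer_router_id="3.4.5.6"),
        Path("2.3.4.5", [21], peer_router_id="2.3.4.5"),
    ]


if __name__ == "__main__":
    for weight in (0, 100):
        best, why = select_best(chapter_paths(weight))
        print(f"weight {weight}: best via {best.next_hop}, decided at step {why}")
```

With the weight left at 0 the shorter AS path through 2.3.4.5 wins at step 5; setting weight 100 on the path via AS37 decides the selection at step 2, before AS-path length is ever compared.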

4. However.0 1:24:16: BGP: 3. maximum=45) 1:24:16: BGP: 3. start version 16. table version 16.0. next start version 16. starting at 0.0 © 2000. Copyright ©1999.5. throttled to 16. path 123 21 metric 0.6 send UPDATE path 123 21 1:24:16: BGP: update run completed. metric 0.0.6 update run completed. neighbor version 15.4. throttled to 16. ran for 4ms. the local router. ran for 4ms.6 computing updates.4.0.BGP Route Propagation • Best BGP routes are propagated to BGP neighbors as123#debug ip bgp update as123#debug ip bgp update 1:24:16: BGP: computing updates. On the contrary. neighbor version 15.5. BGP Overview 23-55 .0 version 16.0 255.4. the best next-hop.0 version 15. when a neighbor is selected.0.7. www. next 3.0. The process where routing information is not sent back to the source of information is called split-horizon.0. table 1:24:16: BGP: 3. starting at 0. neighbor version send UPDATE 21. neighbor 1:24:16: BGP: 3. 1:24:16: BGP: 3.4.cisco.0.0.5. Cisco Systems.4. This is to avoid a potential routing loop problem where the neighbor router selected as the best next-hop relies on the local router as the best next-hop. a route is never sent back on the same BGP session that it was received.6 1 updates enqueued (average=45.5. makes sure that the neighbor is not pointing back to the local router by poisoning the route and sending a withdraw message to that neighbor. check point net 0. Inc.com BGP_Overview—Page-58 Only the route selected as best is propagated to the neighbors. maximum=45) 1:24:16: BGP: 3. Inc. Cisco Systems. check point net 0.6 1 updates enqueued (average=45.

Building IP Routing Table

• Best BGP routes are copied into the IP routing table based on administrative distance

as123#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

C    1.0.0.0 is directly connected, Loopback0
C    2.0.0.0 is directly connected, Serial1
C    3.0.0.0 is directly connected, Serial0
B    21.0.0.0 [20/0] via 3.4.5.6, 00:02:06
B    37.0.0.0 [20/0] via 3.4.5.6, 00:02:06

The route in the BGP table that BGP selects as the best is candidate to being installed in the forwarding table (switching table). Before a route can be installed, the router has to check if there is any other routing protocol that has information about the same subnet (network and mask). If the subnet is known via different sources, the administrative distance (AD) is used to determine which source to use. The route with the lowest AD will be installed.

The output from the show ip route command shows with the letter B which routes in the forwarding table that were installed using the BGP information. The AD is shown as the first number within the brackets. In this example, both networks 21.0.0.0/8 and 37.0.0.0/8 are reachable via 3.4.5.6. Once the routes are installed in the forwarding table user data traffic starts to be forwarded.

Advertising Local Networks

• BGP router process keeps a list of local networks (defined with network command or through redistribution)
• BGP process periodically scans the IP forwarding table and inserts or revokes routes from BGP routing table based on their presence in the forwarding table

The BGP routing process can inject new routes in the BGP table, local routes. Those routes will be propagated to the neighboring BGP peers if they are selected as best, which they do, if, for example, the internal gateway protocol (IGP) used within the AS finds a valid path to them. This process is called advertising (also originating, or announcing), giving the neighboring ASes the information about networks that are reachable in the local AS.

Local routes can be injected in the BGP process in two different ways:

• A list of networks is configured using the network configuration command. The networks listed are candidates for being injected. They are injected only if they appear in the forwarding table.
• Redistribution of routes learned by another routing protocol. The IGP used with the AS can be used as the source.

Advertising Local Networks Example 1/2

• BGP route is revoked after the network is removed from the forwarding table

as123# debug ip routing
as123# debug ip bgp update
%LINEPROTO-5-UPDOWN: Line protocol on Loopback0 changed state to down
1:34:33: RT: interface Loopback0 removed from routing table
1:34:33: RT: del 1.0.0.0/255.0.0.0 via 0.0.0.0, connected metric [0/0]
1:34:33: RT: delete network route to 1.0.0.0
1:34:33: BGP: route down 1.0.0.0 255.0.0.0
1:34:33: BGP: no valid path for 1.0.0.0 255.0.0.0
1:34:33: BGP: nettable_walker 1.0.0.0 255.0.0.0 no best path selected
1:34:34: BGP: 2.3.4.5 send UPDATE 1.0.0.0 255.0.0.0 -- unreachable
1:34:34: BGP: 2.3.4.5 1 updates enqueued (average=25, maximum=25)
1:34:34: BGP: 2.3.4.5 update run completed, ran for 4ms, neighbor version 4, start version 5, throttled to 5, check point net 0.0.0.0
1:34:34: BGP: 3.4.5.6 send UPDATE 1.0.0.0 255.0.0.0 -- unreachable

In this example, network 1.0.0.0/8 is directly connected to interface loopback 0. The route to 1.0.0.0/8 has been previously installed in the BGP table because it was listed with a network statement and it was in the forwarding table as directly connected. But when the loopback 0 interface goes down, the directly connected route in the forwarding table is deleted. So the network must also be revoked from the BGP table. Since there has been a change in the BGP table, the BGP neighbors must be informed. A BGP update message is sent to both neighbors indicating that network 1.0.0.0/8 is now unreachable.

Advertising Local Networks Example 2/2

• BGP route is advertised after the network appears in the forwarding table

1:36:42: RT: add 1.0.0.0/255.0.0.0 via 0.0.0.0, connected metric [0/0]
1:36:42: RT: interface Loopback0 added to routing table
1:36:42: BGP: route up 1.0.0.0 255.0.0.0
1:36:42: BGP: nettable_walker 1.0.0.0 255.0.0.0 route sourced locally
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
1:36:43: BGP: 2.3.4.5 computing updates, neighbor version 5, table version 6, starting at 0.0.0.0
1:36:43: BGP: 2.3.4.5 send UPDATE 1.0.0.0 255.0.0.0, next 2.3.4.6, metric 0, path 123
1:36:44: BGP: 2.3.4.5 1 updates enqueued (average=50, maximum=50)
1:36:44: BGP: 2.3.4.5 update run completed, ran for 4ms, neighbor version 5, start version 6, throttled to 6, check point net 0.0.0.0

In this example, network 1.0.0.0/8 is listed with a network statement in the BGP process. However, the network was not in the forwarding table so it was not injected in the BGP table. Now the loopback 0 interface comes back up again. This means that the network 1.0.0.0 is now in the forwarding table as directly connected. So the route is injected into the BGP table and the neighbors are updated.

Summary

After the BGP sessions are established between BGP routers, they can start exchanging the routing updates. All updates received from BGP neighbors are stored in the BGP table, regardless of whether they are used or not. If a BGP router has several alternatives, it uses a complex route-selection process to select the best route. The route-selection process takes into account various BGP attributes attached to the route, as well as local decisions (indicated with weights). The best BGP routes are propagated to other BGP routers and installed in the local IP routing table.

Every BGP router can also originate the routes in BGP. The routes to be originated are entered manually in the BGP routing process, or redistributed into BGP from IGP. In both cases, the BGP routes will only be originated if the corresponding entry exists in the local routing table.

Review Questions

• Which of the received routing updates are forwarded to other neighbors?
• Which incoming BGP updates are stored in the BGP table?
• Which BGP routes are announced to other BGP neighbors?
• With no BGP attributes modified, which criteria will determine route selection?
• Describe methods that are available to announce local networks

Simple BGP Configuration

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Initial BGP setup
• Configuring BGP neighbors
• Originating local networks in BGP
• Basic BGP route aggregation

Start the BGP Routing Process

router(config)# router bgp as-number

• Starts BGP routing
• Get your AS number from InterNIC (www.internic.net) or RIPE (www.ripe.net)
• Use private AS numbers (64512 - 65535) if you run BGP in a private network
• Only one BGP routing process per router is allowed

router bgp

To configure the Border Gateway Protocol (BGP) routing process, use the router bgp global configuration command. To remove a routing process, use the no form of this command.

router bgp autonomous-system
no router bgp autonomous-system

Syntax Description

autonomous-system    Number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along.

This command starts the BGP routing process in the router. There can be, at most, one BGP process in a router. It must be assigned the local AS number.

The AS number is a 16-bit unsigned integer number. It must uniquely identify the AS among all routers exchanging BGP routing information, either directly or indirectly. This means that the AS numbers are required to be unique in the world when the BGP information is exchanged with the Internet.

The AS number could be a public AS number (ranging from 1 to 64511), assigned to you by an Internet registry or a private AS number (ranging from 64512 to 65535). Private AS numbers will never be propagated into the public Internet.

Configure External Neighbors

router(config-router)#
neighbor ip-address remote-as as-number
neighbor ip-address description neighbor description

• Defines an external neighbor and (optionally) assigns a description
• External neighbor has to be reachable over directly connected subnet

BGP does not auto-discover neighbors. They have to be explicitly configured. The first attribute that must be configured with a new neighbor is the remote-AS number in which the neighbor is taking part. The local router will try to connect to the indicated IP address and also accept incoming connection attempts from the indicated IP address. When the session is established the configured remote-AS will be verified with the BGP Open messages exchange.

Other attributes may optionally be configured with the neighbor. This is done on successive configuration lines, referring to the same neighbor IP address, but indicating different attributes. In this example a free text string is entered as the description of the neighbor. On later pages, other attributes will be described.

neighbor remote-as

To add an entry to the Border Gateway Protocol (BGP) neighbor table, use the neighbor remote-as router configuration command. To remove an entry from the table, use the no form of this command.

neighbor {ip-address | peer-group-name} remote-as number
no neighbor {ip-address | peer-group-name} remote-as number

Syntax Description

ip-address         Neighbor's IP address
peer-group-name    Name of a BGP peer group
number             Autonomous system to which the neighbor belongs

neighbor description

To associate a description with a neighbor, use the neighbor description router configuration command. To remove the description, use the no form of this command.

neighbor {ip-address | peer-group-name} description text
no neighbor {ip-address | peer-group-name} description [text]

Syntax Description

ip-address         Neighbor's IP address
peer-group-name    Name of a BGP peer group
text               Text (up to 80 characters) that describes the neighbor

Temporarily Disable BGP Neighbor

router(config-router)# neighbor ip-address shutdown

• Disables communication with a BGP neighbor
• Usage scenarios:
  • Debugging and troubleshooting
  • Shut down the neighbor during extensive modification of routing policies to prevent inconsistent routing data

neighbor shutdown

To disable a neighbor or peer group, use the neighbor shutdown router configuration command. To re-enable the neighbor or peer group, use the no form of this command.

neighbor {ip-address | peer-group-name} shutdown
no neighbor {ip-address | peer-group-name} shutdown

Syntax Description

ip-address         Neighbor's IP address
peer-group-name    Name of a BGP peer group

Configuring TCP MD5 Signature

router(config-router)# neighbor ip-address password string

• Enables Message Digest 5 authentication on BGP session
• Use the same password string on both routers

neighbor password

To enable Message Digest 5 (MD5) authentication on a TCP connection between two Border Gateway Protocol (BGP) peers, use the neighbor password router configuration command. To disable this function, use the no form of this command.

neighbor {ip-address | peer-group-name} password string
no neighbor {ip-address | peer-group-name} password

Syntax Description

ip-address         Neighbor's IP address
peer-group-name    Name of a BGP peer group
string             Case-sensitive password of up to 80 characters. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces. You cannot specify a password in the format number-space-anything. The space after the number causes problems

Announcing Networks in BGP

Only administratively defined networks are announced in BGP

• Manually configure networks to be announced
• Use redistribution from IGP
• Use aggregation to announce summary prefixes

Before any local routing information is injected into the BGP table for advertising to other BGP speakers, some kind of configuration is required. There are two different ways to do this configuration:

• List the network numbers that are candidates to be advertised. This is done with the network configuration command. If any of the listed networks are reachable by the local router, according to its forwarding table, then the network is injected as a route into the BGP table.
• Redistribute routing information learned by other routing protocols into the BGP table. The internal gateway protocol (IGP) used with the AS can be used. Any route known by the local IGP can be injected into the BGP table this way.

A router can also introduce new routing information into the BGP table by summarizing routes already there. This is called route aggregation and also requires configuration.

Any route introduced by the router into the BGP table will appear as a new route. The AS-path attribute for such a route will be empty, indicating a local route. The AS-path changes later as the route passes AS boundaries.

Manually Define Major Network

router(config-router)# network major-network-number

• Allows advertising of major networks into BGP
• At least one of the subnets must be present in the routing table
• The meaning of “network” command in BGP is completely different from any other routing protocol

To specify the networks to be advertised by the Border Gateway Protocol (BGP) routing process, use the network router configuration command. To remove an entry, use the no form of this command.

The network command with no mask option uses the classful approach to insert a major network into the BGP table. At least one subnet of the specified major network needs to be present in the IP routing table to allow BGP to start announcing the major network as a BGP route.

Note The meaning of network command in BGP is radically different from the way network command is used in other routing protocols. In all other routing protocols, the network command is used to indicate interfaces over which the routing protocol will be run. In BGP, it only indicates which routes should be injected into the BGP table. Also, BGP never runs over individual interfaces, it is run over TCP sessions with manually configured neighbors.

Redistributing Routes from IGP

• Easier than listing networks in BGP process in large networks
• Redistributed routes carry origin-attribute ‘incomplete’
• Always filter redistributed routes to prevent route leaking
• Avoid in Service Provider environments

There are two alternatives for injecting local routes into the BGP table: list them using network statement or redistribute them.

Listing the routes gives you total control over networks that could possibly be advertised by BGP. This is a very desirable option for multi-homed customers or Internet service providers. However, this approach requires a lot of configuration statements that could be hard to maintain.

If there are a lot of networks to be advertised, and the BGP is used primarily to achieve scalability, not routing security (for example, in enterprise networks), it could be easier to let the local internal gateway protocol (IGP) find the routes, and then redistribute them into BGP. On the other hand, this introduces the risk that the IGP finds some networks that were not supposed to be advertised. Private network numbers, such as network 10.0.0.0/8, are often used within an AS for various reasons but must never be advertised out onto the Internet. Careful filtering must be done to prevent unintentional advertising.

When a route listed with a network statement is injected, the origin code is set to IGP. If the route is injected into BGP through redistribution, the origin code is set to unknown/incomplete.

For ospf. Cisco Systems. The keyword connected refers to routes which are established automatically by virtue of having enabled IP on an interface. static [ip]. (Optional) For bgp. www. Inc. Cisco Systems. connected. igrp. For isis. or igrp. use the redistribute router configuration command. this is an appropriate OSPF process ID from Copyright ©1999. this is an autonomous system number. egp.Simple IGP to BGP Redistribution router(config)# router(config)# router bgp <AS> router bgp <AS> redistribute <IGP> redistribute <IGP> distribute-list <ACL> out <IGP> distribute-list <ACL> out <IGP> ! ! access-list <ACL> permit <network> access-list <ACL> permit <network> • Configure redistribution in BGP process • Configure route-filter using distribute list • Caveat: • BGP routes originated through redistribution have incomplete origin © 2000.com BGP_Overview—Page-74 redistribute (IP) To redistribute routes from one routing domain into another routing domain.cisco. which is a 16-bit decimal number. Inc. It can be one of the following keywords: bgp. To disable redistribution. process-id 23-70 BGP Overview . use the no form of this command. redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metricvalue] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets] no redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets] Syntax Description protocol Source protocol from which routes are being redistributed. egp. isis. ospf. this is an optional tag that defines a meaningful name for a routing process. and rip. You can only specify one IS-IS process per router. Creating a name for a routing process means that you use names when configuring routing.

distribute-list out (IP) To suppress networks from being advertised in updates. Cisco Systems. metric metric-value (Optional) Metric used for the redistributed route. (Optional) Network weight when redistributing into BGP. no process-id value is needed. This identifies the routing process. If not specified. the default metric value is 0. external 1---Routes that are external to the autonomous system. Level 1 routes are redistributed into other IP routing protocols independently. the criteria by which OSPF routes are redistributed into other routing domains. and no value is specified using the default-metric command. no routes will be imported. If a value is not specified for this option. This value takes the form of a nonzero decimal number. map-tag weight weight subnetsIndicates that not only network with natural mask should be redistributed. but are imported into OSPF as type 2 external route. metric will be the MED value. use the no form of this command. but no route map tags are listed. BGP Overview 23-71 . route-map (Optional) Route map should be interrogated to filter the importation of routes from this source routing protocol to the current routing protocol. external 2---Routes that are external to the autonomous system. both Level 1 and Level 2 routes are redistributed into other IP routing protocols. Inc. all routes are redistributed. Level 2 routes are redistributed into other IP routing protocols independently. If this keyword is specified. match {internal | external 1 | external 2} (Optional) For OPSF. An integer from 0 to 65535. level-1-2 For IS-IS. (Optional) Identifier of a configured route map. use the distribute-list out router configuration command. To cancel this function. but also subnets. distribute-list {access-list-number | access-list-name} out [interface-name | routing-process | autonomous-system-number] Copyright ©1999.which routes are to be redistributed. level-1 For IS-IS. 
It can be one of the following: internal—Routes that are internal to a specific autonomous system. level-2 For IS-IS. For rip. In the BGP case. but are imported into OSPF as type 1 external route.

Cisco Systems. Inc. 23-72 BGP Overview Copyright ©1999.The access-list referred to by the distribute-list command permits those routes that should be redistributed. .

Redistribution Using Route-Maps

router(config)#
router bgp <AS>
 redistribute <IGP> route-map intoBGP
!
route-map intoBGP permit
 match ip address <ACL>
 set origin igp
!
access-list <ACL> permit <network>

• Origin can be set to ‘IGP’ with a route-map
• Other BGP path attributes can also be set
  • Metric
  • Next-hop
  • Community

Route-maps can be used to filter updates and modify various attributes. A route-map can be applied on all routes being redistributed from the interior gateway protocol (IGP). Only the routes being permitted by the route-map will be redistributed. Using the set statement, some path attributes of the redistributed routes may be changed, if desirable. Thus, only selected routes will be advertised and they will have the desired attribute values.

The route-map must be given a name. This is a case-sensitive string which is used when referring to it. Any string could be used but a meaningful name is suggested.

Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map command. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met.

When you are passing routes through a route map, a route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised. If you only want to modify some data, you must configure a second route-map section with an explicit match specified.

is written as 10. The number following the slash.0.0. Inc. BGP uses prefix notation (address/number-of-bits) to display IP prefixes.0/16 and a class C network.0/16 notation above.0/24. is referring to the number of bits in the subnet mask being set to 1. As another example.0 © 2000. Cisco Systems.0. and it has the rest of the bits set to zero.0 with natural mask.255. for example 10.1.0 starts with 16 consecutive bits set to 255. 23-74 BGP Overview Copyright ©1999.17.1.0/24.com BGP_Overview—Page-76 BGP of version 4 is classless.0. Cisco Systems. The mask 255.16.0. in the 192.0. meaning that its routing updates include IP address and the subnet mask.1.0 can be written using the prefix notation as 172.1. with the natural mask.0. .168. An IP prefix could be a subnet. is written as 172.0/8. is written as 192.168.cisco.0 with natural mask. Inc.0.168.255. an old class A network.0 with mask 255. 172. ‘/’. A class B network. When classless prefix notation is used.0/16 = 192. a major network or a supernet.255.Classless BGP Operation • BGP4 supports Classless Interdomain Routing (CIDR) • Any BGP router can advertise individual networks or supernets (prefixes) • Prefix notation is used with BGP instead of subnet masks • 192. www.16.255.0. the subnet 172. The combination of the IP address and the subnet mask is called an IP prefix.

Manually Announce Classless Prefix in BGP

router(config-router)# network ip-prefix-address mask subnet-mask

• Configures a classless prefix to be advertised into BGP
• The prefix must exactly match an entry in the IP forwarding table
• Hint: use a static route to null 0 to create a matching prefix in the IP forwarding table

network (BGP)

To specify the networks to be advertised by the Border Gateway Protocol (BGP) routing process, use the network router configuration command. To remove an entry, use the no form of this command.

network network-number [mask network-mask]
no network network-number [mask network-mask]

Syntax Description

network-number    Network that BGP will advertise
mask              (Optional)
network-mask      (Optional) Network mask address

If the keyword mask and the subnetmask are omitted, the network is assumed to have its natural mask according to the network class.

If network-mask is omitted, the route is injected into BGP if there is any subnet of the major network reachable according to the forwarding table.

If the network-mask is specified, the behavior changes slightly and it is required that an exact match of network number and subnetmask appear in the forwarding table before the route is injected into the BGP table.

Advertising a Supernet Prefix Example

• Advertise prefix 192.168.0.0/16 assigned to the Internet Service Provider

router(config)#
router bgp 123
 network 192.168.0.0 mask 255.255.0.0
!
ip route 192.168.0.0 255.255.0.0 null 0

In this example, the IP address space 192.168.0.0/16 is assigned to a Service Provider and the Service Provider would like that address space to be constantly advertised by BGP.

The network statement with mask tells BGP that 192.168.0.0/16 is a candidate of being advertised. The mask keyword and the mask 255.255.0.0 are required since the mask is not the natural one. However, before the candidate route is actually advertised, the router checks the forwarding table for an exact match (both network number and mask). It will always be found since there is a static route for it. This static route points to the null interface, which is always available. The conclusion is that 192.168.0.0/16 will always be advertised by this router.

All other BGP routers will use this information and forward any IP packets with the destination IP address in the interval 192.168.0.0 to 192.168.255.255 (inclusive) in direction of this router. When those packets arrive, the router in this example must have more explicit routes to the different parts of the 192.168.0.0/16 address range. This could be achieved by the interior gateway protocol (IGP), which is not shown in the configuration example.

If, however, an IP packet arrives with a destination address to which this router does not have a more explicit route, the static route will route the packet to the null interface where it is dropped. This is a safe precaution to prevent a routing loop, which might occur when route summaries are used in combination with default routing. If a packet arrives from the Internet to a subnet of 192.168.0.0/16, which is currently not reachable, the packet might otherwise have followed the default route towards the Internet because there was no more explicit route. Of course, the packet would immediately be routed back again, and a routing loop would have occurred.

However. The summarization of BGP routes is called aggregation. a router must be configured to do so. Cisco Systems. Inc. This creates more information in the BGP table.cisco. If any route already in the BGP table is within the range indicated by the summary. they are marked as suppressed. which are covered by the route summary. www. Inc. then the summary route is also injected into the BGP table and advertised to other routers. Cisco Systems. Before BGP advertises these routes to the rest of the network an aggregation of the subnets into a larger announcement would be appropriate. When a router is configured to do aggregation. This is called proxy-aggregation. but can be summarized at a later stage. the route summary must be configured. Copyright ©1999. more specific routes are injected into the BGP table by some routers and aggregation is done in another router or even in another AS. Aggregation is used when a group of more specific routes have been injected into the BGP table at one stage. the more specific routes. This is an option to the aggregate configuration command. must be suppressed.Aggregating BGP Networks Summarization is called aggregation in BGP • Aggregation creates summary routes (called aggregates) from networks already in BGP table • Individual networks could be announced or suppressed © 2000. The routes to be summarized could be internal gateway protocol (IGP) routes redistributed into BGP.com BGP_Overview—Page-79 When the BGP table is already populated with routes that should be summarized. BGP Overview 23-77 . When the more specific routes are configured to be suppressed. To get any benefits from the aggregation. which means that they are never advertised to any other router. In some networks. then they are still present in the BGP table of the router doing the aggregation.

Configuring Aggregation (#1)

router(config)#
router bgp as-number
 aggregate-address address-prefix mask

• Specify aggregation range in BGP routing process
• The aggregate will be announced if there is at least one network in the specified range in the BGP table
• Individual networks will still be announced in outgoing BGP updates

In this example, where summary-only is not used, both the route summary and the more specific routes will be advertised. This is generally not the desired behavior. Therefore, the suppressing of individual routes, described on next page, is used in most cases.

aggregate-address

To create an aggregate entry in a BGP routing table, use the aggregate-address router configuration command. To disable this function, use the no form of this command.

aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]
no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

Syntax Description

address         Aggregate address
mask            Aggregate mask
summary-only    (Optional) Suppresses more specific routes

Configuring Aggregation (#2)

router(config)#
router bgp as-number
 aggregate-address address-prefix mask summary-only

• Configure aggregation of BGP routes
• Advertise only the aggregate and not the individual networks

Benefits:
• Smaller BGP routing tables
• More stable internetworks (less route flapping)

Drawbacks:
• Problems with multi-homed customers

When the summary-only option is used, only the route summary will be advertised, not the more specific routes.

One of the benefits from this is that the rest of the routers will receive only one route instead of several more specific routes. It eases the burden on the other routers by reducing the amount of memory required to hold the BGP table.

Another benefit is that route flapping is reduced. The router doing the aggregation will keep on advertising the aggregate as long as there is at least one more specific route within the range still available. If one of the more specific routes is lost, but at least one remains, the aggregate itself will not be lost. The flap of the more specific route is not visible for the rest of the network. This reduces the amount of updates necessary and the CPU power required to process them.

However, all route summarization in any routing protocol causes loss of granularity. Sub-optimal routing could be introduced when redundant paths are available to reach a group of networks advertised by a single route summary. Some of the networks could be more reachable via one of the paths, some others more reachable the other way. From the outside this is not visible, so there is a risk that the least optimum path will be chosen.

0/24 192. Cisco Systems.0.1.0/24 will be propagated by Bad to the rest of the Internet.168. Alternate provider advertises individual network © 2000.0/24 to Bad provider. Inc. This means that Good is also doing proxyaggregation for the route 192. .Multihomed Customer Problem Alternate Provider www.0/24 advertised by Customer AS. The rest of the Internet will not see the route 192. Cisco Systems.cisco.168.0/16 Primary Provider (aggregating) • Customer prefers Primary provider using Alternate only as backup • Primary provider advertises the aggregate.1.168.0/16 before sending it to the rest of the network.0/24 via Good provider. 23-80 BGP Overview Copyright ©1999. 192. Bad does not do any aggregation of any routes starting with 192.10. This means that 192.0/24 Multihomed Customer Rest of the Internet 192. Inc.168.1.com BGP_Overview—Page-82 In this example Good provider is doing aggregation of 192.1. But Customer AS also advertises 192.1.168. and should not do so.

0/24 192. Both routes will be installed in the forwarding table.168. the Good provider must turn off aggregation.1.168.0/24 192.0/24 Multihomed Customer Rest of the Internet 192.0.1. Cisco Systems. Inc.0/24 Primary Provider (aggregating) • Remote autonomous systems prefer longest-match prefix.0/16 reachable via Good. These two routes are treated as different routes. Inc. BGP Overview 23-81 .0.1. the rest of the Internet could be advised to use Good instead of Bad. To avoid this.0/24 both ways. so all benefits of aggregation will be lost.0/24 network. the rest of the Internet will follow the “longest matching prefix” rule and forward the packet to the Bad provider.1.1. Since exactly the same route (network and mask) is reachable two ways. If Good does so.10. They are not compared with each other in a route selection process since they indicate different destinations.0/24 reachable via Bad and 192. www. It sees 192. Copyright ©1999.1. route-selection processing starts. traffic toward the customer flows through Alternate provider • Solution: don’t use aggregation © 2000. Cisco Systems.1.10. turning off aggregation will also cause Good to advertise all routes within the aggregate. If a packet arrives with a destination address in the 192.cisco. Depending on the attribute values.com BGP_Overview—Page-83 The rest of the Internet now sees overlapping routes. However. the rest of the Internet will see 192.0/16 192.Multihomed Customer Problem Alternate Provider 192.1.

Classless BGP Examples

• Advertise prefix 192.168.0.0/20
• Aggregate networks in 192.168.16.0/20 and announce individual networks
• Aggregate networks in 192.168.32.0/20 suppressing individual network announcements

router(config)#
router bgp 123
 network 192.168.0.0 mask 255.255.240.0
 aggregate-address 192.168.16.0 255.255.240.0
 aggregate-address 192.168.32.0 255.255.240.0 summary-only
!
ip route 192.168.0.0 255.255.240.0 null 0

The configuration example above shows three different ways of advertising a route summary.

• The prefix 192.168.0.0/20 is always advertised. The network statement makes it a candidate for being advertised. Because the mask is specified, an exact match in the routing table is a required condition before the route is injected into the BGP table. The matching route is inserted in the IP routing table by the static ip route statement to the null 0 interface.
• The prefix 192.168.16.0/20 is conditionally advertised. It is injected into the BGP table as a summary. It is injected into the BGP table whenever there is a more specific route within the route summary range already in the BGP table. However, the more specific route is still advertised.
• The prefix 192.168.32.0/20 is also conditionally advertised. It is injected into the BGP table whenever there is a more specific route within the route summary range already in the BGP table. However, any more specific route is suppressed and not advertised to any neighbors.

The prefix 192.0.0 Next Hop Next Hop 0.32. Inc. BGP Overview 23-83 . 21.0.0/24 all have natural masks as applied to class C networks.4.168.0/24 and 192.5.0 0.0.16. This means that they are still present and available in the routers BGP table.3.0.0. e .4.0.IGP. so they are still advertised. h history.0.0/24 are within the range.0 0. Inc.0.6 192.3.0 0.33. i .0.5 3. e .16.0.0/20 192. Cisco Systems. > best.0/20 192.0.6 2.168.0/20 is always injected.32.incomplete Origin codes: i .0 local router ID is 1.32.internal Status codes: s suppressed.4 Status codes: s suppressed. ? .3. local router ID is 1.0.0. ? .0. The prefix 0.6 3.0 192.0 0.17.0 1.0 0.0 0.cisco. As shown above all three prefixes are injected.0.0.0 0.0.168. Cisco Systems.168.0/20 192.BGP Table as123#show ip bgp as123#show ip bgp BGP table version is 16.5 0.0.Aggregation Example .0.0/24 and 192.4.0/20 192. The network mask is.0 37.0.0 3.com BGP_Overview—Page-85 The show ip bgp command prints the BGP table.168.0/24 are within the range.4.168. 192.17. 192.0.0.EGP.0.0 0. The prefix 192. * valid.0.0/20 192.0 21.IGP.0.168. Copyright ©1999. i .6 3.17. www.0 192.0 192. however.0 0.0. > best.4.4. the prefix length is not displayed on the show ip bgp printout.5 and 192.incomplete *> *> * * *> *> *> *> * * *> *> *> *> *> *> *> *> *> *> s> s> s> s> Network Network 1.0/20 192.0. All more specific routes are marked as suppressed using the lower case letter s.16.0/24.0.168. In this case both 192. * valid.33.168. stored in the BGP table and sent on any BGP update.168.168.0 192. but they are not advertised on any BGP session.0. Nothing is changed with the more specific routes.0 192.17.0/ Note Since the prefixes 192.32.0/20 is injected because there is at least one more specific route within the summary range.0 0.0 In this case both 192.EGP.168.internal Origin codes: i .168. 
h history.5.32.4 BGP table version is 0.5 2.0.0/20 is injected because there is at least one more specific route within the summary range.0 Metric LocPrf Weight Path Metric LocPrf Weight Path 0 32768 i 0 32768 i 0 37 21 i 0 37 21 i 0 0 21 i 0 0 21 i 0 0 37 i 0 0 37 i 0 21 37 i 0 21 37 i 0 32768 i 0 32768 i 0 32768 i 0 32768 i 0 32768 ? 0 32768 ? 0 32768 ? 0 32768 ? 0 32768 i 0 32768 i 0 32768 ? 0 32768 ? 0 32768 ? 0 32768 ? © 2000.168.0.

4.3. www. are included in the update.4.4.0 metric 0.16.5 send UPDATE 1:36:43: BGP: 2. next 192.0 255.0/20 and 192. are never sent as updates on the BGP session. path 123 1:36:43: BGP: send UPDATE 23-84 BGP Overview Copyright ©1999.255.5 send UPDATE next 192.4. path 123 1:36:43: BGP: 2.0/24. metric 0. Inc.3.168.0 255. path 123 2.168. next 192.0/20.3. metric 0. the non-suppressed more explicit routes. metric 255.0 255. Also. However. are included in the updates.0 next 192. 192.32.240. metric 0.4.168. next 192.5 send UPDATE 1:36:43: BGP: 2.255.Aggregation Example Outgoing BGP Update Router#debug ip bgp updates Router#debug ip bgp updates 1:36:43: BGP: path 123 2.168.240. next 192.6. path 123 1:36:43: BGP: 2.5 send UPDATE 2. metric 0.168. metric 0.240. 192.255. Cisco Systems. send UPDATE 1:36:43: BGP: send UPDATE 1:36:43: BGP: 2.3. path 123 2.cisco. path 123 1:36:43: BGP: 2.17.0/20.6.168. 192.3. metric 0.0.0 255. next 192.5 send UPDATE 1:36:43: BGP: 2.0.255. metric 0.255.16. metric 0.32. next © 2000.168. All three route summary prefixes.com BGP_Overview—Page-86 The debug output shows BGP updates sent to a neighbor.3.0/24 and 192.16. the suppressed more explicit routes. .0 255.17.0 255.255. Cisco Systems. path 123 192.0/24 and 192.4.6. next 192.4. path 123 next Inc.0.5 send UPDATE 2.4. 192.5 send UPDATE 2. path 123 2.

Summary

BGP process in a router is started with router bgp command, which also enters the BGP configuration. As the next step, the BGP neighbors have to be configured. You always have to specify the remote AS number for a neighbor you configure and you have the option to attach a description to the neighbor.

External BGP neighbors should be directly connected. There are several scenarios (dial backup and load sharing being the more common) that require an EBGP neighbor to be distant. In these cases, you have to specify ebgp-multihop option on the neighbor to start the EBGP session.

Local networks are announced in BGP by listing them with the network command or by redistributing them with the redistribute command. The network command can be used in a classful scenario (to specify a major network) or in a classless scenario (with the mask option) to announce any IP prefix. If you use the classless version of the network command, a matching route has to reside in the IP routing table.

Proper ISP network design would always rely on BGP routers announcing the address space allocated to the ISP through the network command. There are, however, some cases where the routes already in the BGP table have to be summarized. This process is called aggregation in BGP and is configured with the aggregate-address command. BGP route aggregation is performed for exactly the same reasons as the route summarization in other routing protocols:

• Reduce the size of the routing table
• Make networks more stable as the flap of an IP prefix within the aggregate will not cause the whole aggregate to flap

Review Questions

• How many BGP processes can be active in a router?
• Which parameters must be configured for a BGP neighbor?
• What potential problem could be caused by redistributing all routes from the IGP to BGP?
• Why are external BGP neighbors almost always directly connected?
• What are the benefits of BGP route summarization?
• When should you use BGP aggregation?
• What are the drawbacks of using BGP aggregation?

Monitoring and troubleshooting BGP

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Monitor the overall BGP status
• Monitor BGP neighbors
• Monitor BGP table
• Inspect individual prefixes in the BGP table
• Perform basic BGP debugging
• Troubleshoot simple BGP-related problems

1 1.0.com BGP_Overview—Page-91 This is a very useful command when troubleshooting BGP.1. main routing table version 8 4 network entries (8/12 paths) using 832 bytes of memory 4 network entries (8/12 paths) using 832 bytes of memory 5 BGP path attribute entries using 576 bytes of memory 5 BGP path attribute entries using 576 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory 2 received paths for inbound soft reconfiguration 2 received paths for inbound soft reconfiguration Neighbor Neighbor 1.0. The number of messages/updates received from the neighbor since the session was established.2. The first section of text describes the BGP table and its content. main routing table version 8 BGP table version is 8. s with the neighbor. s neighbor.Monitoring Overall BGP Routing router> show ip bgp summary • Displays BGP memory usage.1 1.3 1.0. s The second section of the output is a table in which the current neighbor statuses are shown. Cisco Systems.1.cisco.0. BGP Overview 23-87 . s Main routing table version is the version number of the BGP table that was most recently installed in the forwarding table.0. Inc. www. Inc.3 1. The columns are: s IP address of the neighbor as configured in the BGP version number used when communicating Autonomous system number of the remote local router.1 1. The output displays how many networks that are known and how many different paths and attribute values that are associated with them. BGP neighbors and the state of communication with them Fred#show ip bgp summary Fred#show ip bgp summary BGP table version is 8. There is one line of text for each neighbor configured. This number is incremented every time the table is changed. Cisco Systems.1. The output provides a short summary of the status of the BGP process in the router.2. 
s The number of messages/updates sent to the neighbor since the session was established.1. BGP table version is the version number of the local BGP table.0. s Copyright ©1999.1 V V 4 4 4 4 4 4 AS MsgRcvd MsgSent AS MsgRcvd MsgSent 213 80 81 213 80 81 387 79 81 387 79 81 213 82 82 213 82 82 TblVer TblVer 8 8 0 0 0 0 InQ OutQ Up/Down State/PfxRcd InQ OutQ Up/Down State/PfxRcd 0 0 01:15:51 2 0 0 01:15:51 2 0 0 00:00:15 Active 0 0 00:00:15 Active 0 0 02:15:23 Idle 0 0 02:15:23 Idle © 2000. s The amount of memory allocated to hold the table.

• Version number of the local BGP table that has been included in the most recent update to the neighbor.
• Number of messages waiting to be processed in the incoming queue from this neighbor.
• Number of messages waiting in the outgoing queue for transmission to the neighbor.
• How long the neighbor has been in the current state and the name of the current state. State established is not printed out, so no state name indicates the state established.

The information can be used to verify that BGP sessions are up and established. If they are not, further investigations must be done to see the reason for this. IP address and AS number of the neighbor can also be verified with this command.

If the session is established, the number of messages sent and received can be used as an indication of stability. Use the command a few times, with several between the printouts, and calculate how many messages have been exchanged during that period.

A lot of messages in the in-queue indicate a lack of CPU resources in the local router. A lot of messages in the out-queue indicates a lack of bandwidth to the remote router or a lack of CPU resources in the remote router.

show ip bgp summary

To display the status of all Border Gateway Protocol (BGP) connections, use the show ip bgp summary EXEC command.

show ip bgp summary

Syntax Description

This command has no arguments or keywords.
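The checks described above (session state, queue backlog, message counts between two printouts) can be automated against captured show ip bgp summary output. This is an added example, not code from the course; the two snapshots are constructed sample data with assumed neighbor addresses, and the function names are hypothetical.

```python
import re

# Columns: Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
ROW = re.compile(
    r"^(?P<neighbor>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<version>\d+)\s+(?P<asn>\d+)\s+"
    r"(?P<rcvd>\d+)\s+(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+"
    r"(?P<outq>\d+)\s+(?P<updown>\S+)\s+(?P<last>\S.*?)\s*$"
)

# Constructed sample output, taken a few minutes apart (not from a real router).
SNAPSHOT_1 = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4   213      80      81        8    0    0 01:15:51        2
10.0.0.2        4   387      79      81        0    0    0 00:00:15 Active
10.0.0.3        4   213      82      82        0    0    0 02:15:23 Idle
"""
SNAPSHOT_2 = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4   213      85      86        8    0    4 01:20:51        2
10.0.0.2        4   387      79      81        0    0    0 00:00:45 Active
10.0.0.3        4   213      82      82        0    0    0 02:20:23 Idle
"""


def parse_summary(text):
    """Parse the neighbor table into {neighbor: fields}."""
    neighbors = {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # header and non-table lines
        row = match.groupdict()
        last = row.pop("last")
        entry = {k: (v if k in ("neighbor", "updown") else int(v))
                 for k, v in row.items()}
        # An established session prints a prefix count instead of a state name.
        if last.isdigit():
            entry["state"], entry["prefixes"] = "Established", int(last)
        else:
            entry["state"], entry["prefixes"] = last, None
        neighbors[entry["neighbor"]] = entry
    return neighbors


def findings(snapshot):
    """Return (neighbor, finding) pairs that need further investigation."""
    out = []
    for addr, n in sorted(snapshot.items()):
        if n["state"] != "Established":
            out.append((addr, "session not established: " + n["state"]))
        if n["inq"] > 0:
            out.append((addr, "input queue backlog: check local CPU"))
        if n["outq"] > 0:
            out.append((addr, "output queue backlog: check bandwidth or remote CPU"))
    return out


def message_delta(before, after):
    """Messages (received, sent) exchanged between two printouts,
    for neighbors established in both."""
    deltas = {}
    for addr, new in after.items():
        old = before.get(addr)
        if old and old["state"] == new["state"] == "Established":
            deltas[addr] = (new["rcvd"] - old["rcvd"], new["sent"] - old["sent"])
    return deltas


if __name__ == "__main__":
    first, second = parse_summary(SNAPSHOT_1), parse_summary(SNAPSHOT_2)
    for item in findings(second):
        print(item)
    print(message_delta(first, second))
```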

0. table version = 11.2. up for 01:23:05 Last read 00:00:05. www.1 BGP state = Established. This is useful when troubleshooting the path selection. Mask 0x8 BGP version 4.Monitoring BGP Neighbors router> show ip bgp neighbor ip-address • Displays detailed neighbor information Fred#show ip bgp neighbor 1. BGP Overview 23-89 . TCP timers and counters will also be presented.1 BGP neighbor is 1. If you omit this argument. This is a subset of the output from the received-routes keyword. of prefix received 2 © 2000. keepalive interval is 60 seconds Minimum time between advertisement runs is 30 seconds Received 92 messages. If any of the optional qualifiers referring to routes or paths are given. the BGP routing information sent or received on this session will be displayed. The other usage is not shown in this example. remote router ID 10. all neighbors are displayed. Inc.0. remote AS 213.com BGP_Overview—Page-92 This command can be used for two different purposes.2. routes (Optional) Displays all routes that are received and accepted. use the show ip bgp neighbors EXEC command. 0 in queue Connections established 1. show ip bgp neighbors To display information about the TCP and Border Gateway Protocol (BGP) connections to neighbors. 0 notifications. hold time is 180.cisco. received-routes (Optional) Displays all received routes (both accepted and rejected) from the specified neighbor. Offset 0. 0 in queue Sent 92 messages. show ip bgp neighbors [address] [received-routes | routes | advertised-routes | {paths regular-expression} | dampened-routes] Syntax Description address (Optional) Address of the neighbor whose routes you have learned from. The general case is shown in this example.1. All BGP session parameters are displayed. Cisco Systems. Copyright ©1999.1.1. It is used to get information about the TCP session and the BGP parameters of the session. external link Index 3. 0 notifications. dropped 0 Last reset never No. Inc. Cisco Systems.

advertised-routes           (Optional) Displays all the routes the router has advertised to the neighbor.
paths regular-expression    (Optional) Regular expression that is used to match the paths received.
dampened-routes             (Optional) Displays the dampened routes to the neighbor at the IP address specified.

Cisco Systems. Inc.2. the Origin attribute is displayed.1 1. Some. The BGP path selection will select one of the alternative routes to each of the networks as the best. > best. BGP Overview 23-91 .0.0.0 11.IGP. Short information about each route is displayed on a single line.0.3 1.1 1. local router ID is 12.0. the entire BGP table is displayed.0. e .0.0 12.1.1.cisco. * valid. Immediately following the AS-path. when the show ip bgp command is given without the optional qualifiers.0.1. of the BGP attributes associated with the route are displayed on the line.0.3 Status codes: s suppressed.0. i internal internal Origin codes: i . h history.2. ? .2.3 BGP table version is 11.0 12. Cisco Systems. which are referring to the same network.1 1.0.0 10.0. d damped. Next-hop.1.incomplete Origin codes: i .0.0. e .0. both routes are displayed on successive lines.1.1 1. but not all.1.0.1 1.0.1 1. Inc.0.EGP.0 11. but not being a part of the AS-path attribute. have the network number field left blank. This route will be pointed out by the character ‘>’ in the left column. ‘e’ means EGP and ‘?’ means Incomplete/Unknown. The following lines.0. ? . The output is sorted in network number order.1 0. d damped. i Status codes: s suppressed.0.0.0. > best.Monitoring BGP Table router> show ip bgp • Displays all routes in the BGP table in summary format Fred#show ip bgp Fred#show ip bgp BGP table version is Metric LocPrf Weight Path Metric LocPrf Weight Path 500 0 213 i 500 0 213 i 1000 0 213 i 1000 0 213 i 500 0 213 i 500 0 213 i 1000 0 213 i 1000 0 213 i 0 32768 i 0 32768 i 0 0 387 i 0 0 387 i © 2000. * valid.com BGP_Overview—Page-93 In the general case.IGP.2. Copyright ©1999. The AS-path attribute is displayed as the sequence of AS numbers in the Path column.0 1.0.EGP.0.incomplete *> *> * * *> *> * * *> *> *> *> Network Network 10. www.1.0. Local-Preference and Weight each have their own columns. The lower case letter ‘i’ means Origin code IGP. h history.1 1.0. 
The network number is printed on the first of those lines only.0 14.0.0 14.0.0. This means that if the BGP table contains more than one route to the same network. MED (displayed as Metric).0 0.2. local router ID is 12.0 Next Hop Next Hop 1.

. Inc. entered to display a particular network in the BGP routing table. longer-prefixes (Optional) Displays route and more specific routes.show ip bgp To display entries in the Border Gateway Protocol (BGP) routing table. Cisco Systems. show ip bgp [network] [network-mask] [longer-prefixes] Syntax Description network(Optional) Network number. network-mask (Optional) Displays all BGP routes matching the address/mask pair. use the show ip bgp EXEC command. 23-92 BGP Overview Copyright ©1999.

Inc. best Origin IGP.0.1 (10.cisco. advertised over EBGP) Paths: (2 available. Cisco Systems.0.1.1 as the best.0.2.0/8. valid.1. In this example.Displaying Entries in BGP Table router> show ip bgp ip-prefix [mask subnet-mask] • Displays detailed information about all paths for a Advertising router IP address single prefix Fred#show ip bgp There are two different routes to 11.1) 1. BGP Overview 23-93 .0.1 from 1. This displays all the information. best 213 213 1. One is received from neighbor 1.1 (11.1. This means that this is the route that BGP will try to install in the forwarding table.0.1 from 1.1.0. but only about that network.0. localpref 100.0.0. external Advertising router router-ID Next-hop Other BGP attributes AS-Path © 2000. external. version 5 BGP routing table entry for 11.1 (10. advertised over EBGP) 213 213 1.0 BGP routing table entry for 11.0.0 is displayed.0. localpref valid. metric 500.1.2.1) Origin IGP.2.1) 1.1) Origin IGP.0.0.1. localpref 100. metric 1000. metric 500.1 and the other from 1.2. the show ip bgp command should be given with the network number on the command line. Copyright ©1999. version 5 Paths: (2 available.0.2. The BGP route selection process has selected the route via 1.1.0.com BGP_Overview—Page-94 If more information and the complete set of BGP attributes are required. valid.0.0. external Origin IGP. Cisco Systems.1. Installation of routes in the forwarding table is made based on the administrative distance. from 1.0. best #1.1 from 1. external. valid.0/8.2.0. Inc.0. metric 1000. best #1.0. the information about network 11. www.0 Fred#show ip bgp 11. localpref 100.1 (11.

Debugging BGP

debug ip tcp transaction

• Displays all TCP transactions (start of session, session errors …)

debug ip bgp event

• Displays significant BGP events (neighbor state transitions, update runs)




If a BGP session stays in the active state, where it is actively sending connection attempts to the neighbor, debug ip tcp transactions can give valuable information about why the connection never succeeds. All TCP transactions in the router will be displayed on the console as they happen. The troubleshooter can now determine whether the TCP session is being established and, if not, the reason for that. If the TCP session succeeds, but is torn down within a short period of time, the reason might be found using debug ip bgp events. All BGP events will be displayed on the console as they happen.



Debugging BGP

debug ip bgp keepalives

• Debugs BGP keepalive packets


debug ip bgp updates

• Displays all incoming or outgoing BGP updates (use with caution)




In a stable state with no network topology changes, no updates are sent. When the session has been idle for some time, BGP exchanges keepalive packets. The keepalive timer is set to 60 seconds by default. Use debug ip bgp keepalive to get a printout on the console for every keepalive packet sent or received. Successful keepalive exchanges indicate that the session is working and is in a stable state. If no keepalives are sent or received, the session might still be working; the keepalives are not seen because the session is never idle for long enough.

Use debug ip bgp updates to get a printout on the console for every update message sent or received. Successful exchanges of updates indicate that the session is working but is not idle. In a large network, updates are sent and received in large volumes. Starting debug ip bgp updates might cause extensive output on the console. In some cases, the CPU resources used to generate those outputs are so great that the real work that must be done will suffer. In a case with very busy BGP sessions, it is actually possible to set the router in a condition where all CPU resources are consumed with the debugging printouts.



Debugging BGP

debug ip bgp updates acl

• Displays all incoming or outgoing BGP updates for routes matching an IP ACL

debug ip bgp neighbor-ip updates [acl]

• Displays all BGP updates received from or sent to a BGP neighbor (optionally matching an IP ACL)




To avoid debug printouts for every update sent or received, an access-list can be created and associated with the debug command. If it is used, only the updates referring to network numbers that are permitted by the access-list will be displayed on the console. This is extremely useful in a live network with busy BGP sessions when the troubleshooter is interested only in updates on specific networks. Indicating a specific neighbor can restrict the debugging even further. Only the updates on the session to the indicated neighbor will be displayed. Optionally, it can be combined with an access-list.



BGP Session Startup Troubleshooting

Common BGP Session Startup Symptoms

• BGP neighbors do not become active
• BGP neighbor is active, but the session is never established
• BGP neighbor oscillates between idle and active

There are a number of common BGP session startup symptoms:

• BGP neighbor never becomes active.
• BGP neighbor is active, but the BGP session is not established.
• BGP neighbor state oscillates between idle and active.

BGP Session Startup Issues: 1/4

Symptom
• BGP neighbors do not become active
  show ip bgp neighbor display the neighbor state as idle for several minutes

Diagnose
• Neighbor is not directly connected

Verification
• Verify with show ip route

BGP sessions to a router in another autonomous system should normally run across directly connected interfaces—routers share a common IP subnet. They must be configured to reach each other using the IP address belonging to this shared subnet, so that no other routing protocol is required to set up the BGP session.

If a router is configured with a BGP neighbor, which is in another AS but not directly connected, the session will stay in the idle state. The router will not even attempt to set up the session. The normal way to fix this problem is to change the neighbor reference so that it is referred by an IP address, which is directly connected.

However, in some odd cases, the neighbor is intentionally reachable using a non-directly connected interface. In that rare case, the BGP session must be configured with the ebgp-multihop option. Also, the local router must have routing information on how to reach that address.

If the session goes into active state, the router will start to attempt to establish the session. Debug ip tcp transactions will display the connect attempts. If this does not succeed, further investigations must be done.

BGP Session Startup Issues: 2/4

Symptom
• BGP neighbor is active, session is not established; debug ip tcp transaction display shows that the SYN TCP packet is not answered with a SYN+ACK packet
Diagnose
• Neighbor is not reachable
Verification
• Verify connectivity with ping
• Check for access list presence

The TCP session establishment starts with the router sending a TCP SYN packet. If this is never answered, the remote router might be dead or not reachable. Try to use the ping command and verify the existence of the remote router and the IP packet exchange between the local and remote router.

BGP Session Startup: Neighbor not Reachable

Router#debug ip tcp transaction
16:34:30: TCB82119C40 created
16:34:30: TCB82119C40 setting property TCP_WINDOW_SIZE (0) 8223BDE8
16:34:30: TCB82119C40 setting property TCP_TOS (11) 8223BDEC
16:34:30: TCB82119C40 bound to 192.168.4.13.11007
16:34:30: TCP: sending SYN, seq 545426735, ack 0
16:34:30: TCP0: Connection to 192.168.4.14:179, advertising MSS 1460
16:34:30: TCP0: state was CLOSED -> SYNSENT [11007 -> 192.168.4.14(179)]
16:35:12: TCP0: state was SYNSENT -> CLOSED [11007 -> 192.168.4.14(179)]
16:35:12: TCB 0x82119C40 destroyed

• SYN packet is sent
• SYN+ACK reply never came back, TCP session is closed

In the scenario above, the remote BGP router is not available. The sending router therefore never receives the reply to the SYN packet and aborts the TCP session in approximately 45 seconds (changing the state from SYNSENT to CLOSED).

BGP Session Startup Issues: 3/4

Symptom
• BGP neighbor is active, session is not established; debug ip tcp transaction display shows that the SYN TCP packet is answered with a RST packet
Diagnose
• This router is not configured as BGP neighbor on the neighboring router
Verification
• Check IP addresses of BGP neighbors with show ip bgp summary on the neighbor router

If the TCP SYN packet is answered with a TCP RST packet, the remote router is alive and reachable but is not willing to grant the connection attempt. The reason for this may be that BGP is not started on the remote router or that the source IP address used by the local router in the connection attempt is not in the remote router's list of valid neighbors.

BGP Session Startup: Neighbor not Configured

Router#debug ip tcp transaction
16:30:30: TCB82119C40 created
16:30:30: TCB82119C40 setting property TCP_WINDOW_SIZE (0) 8223BDE8
16:30:30: TCB82119C40 setting property TCP_TOS (11) 8223BDEC
16:30:30: TCB82119C40 bound to 192.168.4.13.11005
16:30:30: TCP: sending SYN, seq 305377215, ack 0
16:30:30: TCP0: Connection to 192.168.4.14:179, advertising MSS 1460
16:30:30: TCP0: state was CLOSED -> SYNSENT [11005 -> 192.168.4.14(179)]
16:30:30: TCP0: state was SYNSENT -> CLOSED [11005 -> 192.168.4.14(179)]
16:30:30: TCP0: bad seg from 192.168.4.14 -- closing connection: seq 0 ack 305377216 rcvnxt 0 rcvwnd 0 len 0
16:30:30: TCP0: connection closed - remote sent RST
16:30:30: TCB 0x82119C40 destroyed

• SYN packet is sent
• Neighbor replies with RST packet, TCP session is closed

In the scenario above, the remote router is not configured for BGP or there was a mismatch in the neighbor IP addresses. The remote router responds with a RST packet as soon as it receives the initial SYN packet, terminating the BGP session.

BGP Session Startup Issues: 4/4

Symptom
• BGP neighbor oscillates between active and idle; debug ip tcp transaction displays the TCP session being established and torn down immediately
Diagnose
• AS-number mismatch between BGP neighbors
Verification
• Verify the AS-numbers configured for neighboring routers with show ip bgp summary on both routers

If the TCP session is established using the specified three-way handshake (SYN, SYN-ACK, ACK), but the session is dropped after a short packet exchange, the BGP parameters are mismatching. If the AS numbers do not match, the session is dropped after exchanging BGP Open messages. Make sure that the remote AS configured on each router matches the local AS configured on the neighbor.

BGP Session Startup: AS-number Mismatch

Router#debug ip tcp transaction
Router#debug ip bgp event
16:40:43: TCB82119C40 created
16:40:43: TCP0: state was LISTEN -> SYNRCVD [179 -> 192.168.4.14(11000)]
16:40:43: TCP0: Connection to 192.168.4.14:11000, received MSS 1460
16:40:43: TCP: sending SYN, seq 918933898, ack 862828853
16:40:43: TCP0: Connection to 192.168.4.14:11000, advertising MSS 1460
16:40:43: TCP0: state was SYNRCVD -> ESTAB [179 -> 192.168.4.14(11000)]
16:40:43: TCB821197BC callback
16:40:43: TCB821197BC accepting 82119C40 from 192.168.4.14.11000
16:40:44: BGP: 192.168.4.14 reset due to BGP Notification sent
16:40:44: TCP0: state was ESTAB -> FINWAIT1 [179 -> 192.168.4.14(11000)]
16:40:44: TCP0: sending FIN

• TCP session is established
• BGP notification is sent due to AS number mismatch in open message

Whenever there is a mismatch in AS-numbers (or any other BGP parameters that are necessary for proper BGP operation), the BGP session is terminated with a BGP notification and the TCP session is terminated as well.
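The three debug traces above differ only in which TCP state transitions and closing messages appear, so a capture can be triaged mechanically. The following is an added example, not part of the original course material: the function name, the symptom labels and the "no-fault" fallback are assumptions, and the sample lines are constructed by abridging the traces above. It assumes the capture covers a single neighbor.

```python
import re

# IOS "debug ip tcp transaction" state-change line, as shown in the traces above.
STATE_RE = re.compile(r"TCP\d+: state was (\w+) -> (\w+) \[")

# Symptom label -> (diagnosis, verification step), wording from the four slides.
PLAYBOOK = {
    "idle": ("neighbor is not directly connected", "show ip route"),
    "unreachable": ("neighbor is not reachable", "ping, check for access lists"),
    "refused": ("this router is not configured as a neighbor on the remote router",
                "show ip bgp summary on the neighbor router"),
    "open-mismatch": ("AS-number (or other BGP parameter) mismatch",
                      "show ip bgp summary on both routers"),
    "no-fault": ("no startup fault visible (label added here)", "capture longer"),
}

def classify_bgp_startup(debug_text):
    """Classify one neighbor's debug capture into a startup symptom label."""
    transitions = [m.groups() for m in STATE_RE.finditer(debug_text)]
    if not transitions:                        # router never attempted a session
        return "idle"
    if any(new == "ESTAB" for _, new in transitions):
        # Handshake completed; a notification afterwards means OPEN was rejected.
        if "BGP Notification" in debug_text:
            return "open-mismatch"
        return "no-fault"
    if "remote sent RST" in debug_text:        # SYN answered with RST
        return "refused"
    if ("SYNSENT", "CLOSED") in transitions:   # SYN timed out unanswered
        return "unreachable"
    return "no-fault"

# Constructed samples, abridged from the three traces above.
TIMEOUT = """16:34:30: TCP: sending SYN, seq 545426735, ack 0
16:34:30: TCP0: state was CLOSED -> SYNSENT [11007 -> 192.168.4.14(179)]
16:35:12: TCP0: state was SYNSENT -> CLOSED [11007 -> 192.168.4.14(179)]"""
RESET = """16:30:30: TCP0: state was CLOSED -> SYNSENT [11005 -> 192.168.4.14(179)]
16:30:30: TCP0: state was SYNSENT -> CLOSED [11005 -> 192.168.4.14(179)]
16:30:30: TCP0: connection closed - remote sent RST"""
MISMATCH = """16:40:43: TCP0: state was LISTEN -> SYNRCVD [179 -> 192.168.4.14(11000)]
16:40:43: TCP0: state was SYNRCVD -> ESTAB [179 -> 192.168.4.14(11000)]
16:40:44: BGP: 192.168.4.14 reset due to BGP Notification sent
16:40:44: TCP0: state was ESTAB -> FINWAIT1 [179 -> 192.168.4.14(11000)]"""

if __name__ == "__main__":
    for name, trace in [("timeout", TIMEOUT), ("reset", RESET), ("mismatch", MISMATCH)]:
        symptom = classify_bgp_startup(trace)
        print(name, "->", symptom, PLAYBOOK[symptom])
```

The RST check runs before the timeout check because both traces contain the same SYNSENT -> CLOSED transition; only the closing message tells them apart.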

Summary

There are a number of IOS commands that can be used to monitor and troubleshoot BGP:
• show ip bgp summary will display the overall status of BGP, configured neighbors and their state
• show ip bgp neighbor can be used to get more in-depth information about a BGP neighbor
• show ip bgp will display all entries in the BGP table. show ip bgp can also be used to display an extended printout about a specific route in the BGP table
• debug ip bgp events will display significant BGP events while debug ip bgp updates will display the routing information being exchanged between BGP neighbors
• debug ip tcp transactions can also be used to troubleshoot BGP session establishment problems

Review Questions
• What information do you get from a show ip bgp summary?
• Which command is used to display detailed BGP neighbor information?
• How does the output from show ip bgp tell you which route to a specific destination is selected as the best?
• Which is the most common reason for a BGP session not leaving the idle state?
• What happens when a BGP session is established, but terminated immediately?

Summary

After completing this chapter, you should be able to perform the following tasks:
• Explain the need for BGP and typical BGP usage scenarios
• Describe basic BGP technical characteristics
• Describe BGP path attributes
• Describe BGP session establishment and routing information exchange
• Configure basic BGP on Cisco router
• Monitor and troubleshoot basic BGP setup
