www.ine.com
Comparison between IGPs & BGP
» Similarities and differences between BGP and IGPs
(OSPF and EIGRP):
• BGP needs to form neighborship like IGPs.
• BGP needs to advertise prefixes, just like IGPs.
• BGP also advertises Next Hops for those prefixes.
• Neighbor IP address may not be on a common subnet for
BGP.
• BGP uses TCP (179) and unicast…IGPs do not.
Copyright © www.ine.com
Comparison between IGPs & BGP
» Neighbors versus Peers
• IGP routers are called “neighbors”, which typically denotes a direct connection.
• BGP routers are called “peers” because there is no need for a direct connection.
Overview of iBGP and eBGP
» There are two types of neighbors in BGP: internal BGP
(iBGP) and external BGP (eBGP).
» A BGP router behaves differently in several ways
depending on whether the peer (neighbor) is an iBGP
or eBGP peer.
eBGP peering example:
router bgp 1
 neighbor 2.2.2.2 remote-as 2
» Prefix exchange
• BGP updates received from external peers can be forwarded on to
any other type of peer.
• BGP updates received from internal peers can ONLY be forwarded
on to external peers.
» Update modification
• Certain BGP Path Attributes may only be forwarded to external…or
internal peers.
BGP Neighborship
Requirements
BGP Peering Overview
[Diagram: the two peers exchange TCP Sync (179) and TCP Sync + Ack (179).]
BGP Peering Sanity Checks
[Diagram: the two peers exchange TCP Sync (179) and TCP Sync + Ack (179).]
BGP Authentication
» To configure authentication for BGP, use the following command:
• neighbor neighbor-ip password key (BGP subcommand)
» This command must be configured on both routers.
» If the keys do not match, or this command is configured on only one router, the peering will not be established.
BGP Update-Source &
Multihop Requirement
BGP Update-Source
» A TCP connection must first form between BGP peers; BGP messages flow over this connection only once it has formed.
» The source IP address used in the TCP connection usually must match what your neighbor is expecting from you in its “neighbor” command.
» The local router tries to form a TCP connection with the IP address defined in the neighbor remote-as command.
BGP Update-Source
» When peers are directly connected, the source IP address of incoming BGP messages is trusted.
Router 1 (AS# 1, Fast0/0 1.1.1.1):
router bgp 1
 neighbor 1.1.1.2 remote-as 2
Router 2 (AS# 2, Fast0/0 1.1.1.2):
router bgp 2
 neighbor 1.1.1.1 remote-as 1
Sequence shown in the diagram:
1. Router 1: “How do I reach 1.1.1.2? Oh…via FastEthernet0/0! I’ll use that as my source IP.”
2. Router 1 sends TCP Sync (src=1.1.1.1 dest port=179).
3. Router 2: “Am I configured to expect/trust BGP from 1.1.1.1? Yes!! How do I reply back to 1.1.1.1? Oh…via FastEthernet0/0! I’ll use that as my source IP.”
4. Router 2 replies with TCP Sync + Ack (src = 1.1.1.2 src port=179).
5. Router 1 sends TCP ACK (179).
BGP Update-Source (2)
» What if peers are NOT directly connected?
[Diagram: Router 1 and Router 2, both in AS# 1, each with Fast0/0 and Serial0/0. Addresses shown: 1.1.1.1, 1.2.1.1, 1.2.1.2, 3.3.3.3.]
Without update-source:
Router 1 IP Routing Table
D 3.3.3.0/24 via 1.2.1.2 (Fast0/0)
Router 1:
router bgp 1
 neighbor 3.3.3.3 remote-as 1
Router 2:
router bgp 1
 neighbor 1.1.1.1 remote-as 1
Router 1 sends TCP Sync (src=1.2.1.1 dest port=179); Router 2 answers with TCP Reset (src = 3.3.3.3 src port=179).
With update-source:
Router 1 IP Routing Table
D 3.3.3.0/24 via 1.2.1.2 (Fast0/0)
Router 1:
router bgp 1
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source Serial0/0
Router 2:
router bgp 1
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source FastEthernet0/0
Router 1 sends TCP Sync (src=1.1.1.1 dest port=179).
BGP Parallel Links (Solution #1)
BGP Parallel Links (Solution# 2)
[Diagram: Router 1 and Router 2, both in AS# 1, joined by two parallel links (Fast0/0 to Fast0/0 through ports 0/1 and 0/3, Fast0/1 to Fast0/1 through ports 0/2 and 0/4). The peering runs between the Loop0 addresses: TCP Sync (179), TCP Sync + Ack (179), TCP ACK (179).]
Router 1: Loop0 11.11.11.11/32, Fast0/0 1.2.1.1, Fast0/1 1.1.1.1
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 12.12.12.12/32
    via 1.1.1.2
    via 1.2.1.2
router bgp 1
 neighbor 12.12.12.12 remote-as 1
 neighbor 12.12.12.12 update-source Loop0
!
ip route 12.12.12.12 255.255.255.255 1.1.1.2
ip route 12.12.12.12 255.255.255.255 1.2.1.2
Router 2: Loop0 12.12.12.12/32, Fast0/0 1.2.1.2, Fast0/1 1.1.1.2
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 11.11.11.11/32
    via 1.1.1.1
    via 1.2.1.1
router bgp 1
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 update-source Loop0
!
ip route 11.11.11.11 255.255.255.255 1.1.1.1
ip route 11.11.11.11 255.255.255.255 1.2.1.1
Case where “Update-Source” not needed
[Diagram: Router 1 (1.1.1.1) directly connected to Router 2 (1.1.1.2); Router 2 also has Loopback0 2.2.2.2.]
Router 1:
router bgp <whatever>
 neighbor 2.2.2.2 remote-as <whatever>
Router 2:
router bgp <whatever>
 neighbor 1.1.1.1 remote-as <whatever>
1. TCP Sync (Dest Port=179) Src=1.1.1.1 Dest = 2.2.2.2
2. TCP Sync+ACK (Source Port=179) Src=2.2.2.2 Dest = 1.1.1.1
• Notice that in this instance, Router-2 responds using its Loopback interface IP address as the source IP…even without “update-source” configured.
eBGP Problem
[Diagram: Router 1 (AS# 1) and Router 2 (AS# 2) joined by two parallel links (Fast0/0 to Fast0/0 through ports 0/1 and 0/3, Fast0/1 to Fast0/1 through ports 0/2 and 0/4). Callout: “I can’t even start the TCP process because my peer is NOT directly-connected!!”]
Router 1: Loop0 11.11.11.11/32, Fast0/0 1.2.1.1, Fast0/1 1.1.1.1
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 12.12.12.12/32
    via 1.1.1.2
    via 1.2.1.2
router bgp 1
 neighbor 12.12.12.12 remote-as 2
 neighbor 12.12.12.12 update-source Loop0
!
ip route 12.12.12.12 255.255.255.255 1.1.1.2
ip route 12.12.12.12 255.255.255.255 1.2.1.2
Router 2: Loop0 12.12.12.12/32, Fast0/0 1.2.1.2, Fast0/1 1.1.1.2
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 11.11.11.11/32
    via 1.1.1.1
    via 1.2.1.1
router bgp 2
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 update-source Loop0
!
ip route 11.11.11.11 255.255.255.255 1.1.1.1
ip route 11.11.11.11 255.255.255.255 1.2.1.1
eBGP Solution #1 - Multihop
[Diagram: Router 1 (AS# 1) and Router 2 (AS# 2) joined by two parallel links (Fast0/0 to Fast0/0 through ports 0/1 and 0/3, Fast0/1 to Fast0/1 through ports 0/2 and 0/4). Between the Loop0 addresses: TCP Sync (179) IP TTL = 255.]
Router 1: Loop0 11.11.11.11/32, Fast0/0 1.2.1.1, Fast0/1 1.1.1.1
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 12.12.12.12/32
    via 1.1.1.2
    via 1.2.1.2
router bgp 1
 neighbor 12.12.12.12 remote-as 2
 neighbor 12.12.12.12 update-source Loop0
 neighbor 12.12.12.12 ebgp-multihop
!
ip route 12.12.12.12 255.255.255.255 1.1.1.2
ip route 12.12.12.12 255.255.255.255 1.2.1.2
Router 2: Loop0 12.12.12.12/32, Fast0/0 1.2.1.2, Fast0/1 1.1.1.2
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 11.11.11.11/32
    via 1.1.1.1
    via 1.2.1.1
router bgp 2
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 update-source Loop0
 neighbor 11.11.11.11 ebgp-multihop
!
ip route 11.11.11.11 255.255.255.255 1.1.1.1
ip route 11.11.11.11 255.255.255.255 1.2.1.1
eBGP Solution #2 – Disable Connected
[Diagram: Router 1 (AS# 1) and Router 2 (AS# 2) joined by two parallel links (Fast0/0 to Fast0/0 through ports 0/1 and 0/3, Fast0/1 to Fast0/1 through ports 0/2 and 0/4). Between the Loop0 addresses: TCP Sync (179) IP TTL = 1.]
Router 1: Loop0 11.11.11.11/32, Fast0/0 1.2.1.1, Fast0/1 1.1.1.1
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 12.12.12.12/32
    via 1.1.1.2
    via 1.2.1.2
router bgp 1
 neighbor 12.12.12.12 remote-as 2
 neighbor 12.12.12.12 update-source Loop0
 neighbor 12.12.12.12 disable-connected-check
!
ip route 12.12.12.12 255.255.255.255 1.1.1.2
ip route 12.12.12.12 255.255.255.255 1.2.1.2
Router 2: Loop0 12.12.12.12/32, Fast0/0 1.2.1.2, Fast0/1 1.1.1.2
IP Routing Table
C 1.2.1.0/24 via Fast0/0
C 1.1.1.0/24 via Fast0/1
S 11.11.11.11/32
    via 1.1.1.1
    via 1.2.1.1
router bgp 2
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 update-source Loop0
 neighbor 11.11.11.11 disable-connected-check
!
ip route 11.11.11.11 255.255.255.255 1.1.1.1
ip route 11.11.11.11 255.255.255.255 1.2.1.1
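The update-source and multihop requirements from the slides above can be checked mechanically before a peering is deployed. The following is an added example, not part of the original slides: a simplified Python model of the two routers from the parallel-link slides, where the dictionary layout, the function names and the choice of a single resolved next hop for each static route are assumptions made for illustration.

```python
import ipaddress

def lookup(router, dest):
    """Longest-prefix match. Returns (is_connected, interface) or None."""
    dest, best = ipaddress.ip_address(dest), None
    for kind in ("connected", "static"):
        for prefix, ifname in router[kind].items():
            net = ipaddress.ip_network(prefix)
            if dest in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, kind == "connected", ifname)
    return best[1:] if best else None

def syn_source(router, peer_ip):
    """Source IP of the router's outbound TCP SYN towards peer_ip."""
    ifname = router["neighbors"][peer_ip].get("update_source")
    if ifname is None:                  # default: address of the egress interface
        route = lookup(router, peer_ip)
        if route is None:
            return None
        ifname = route[1]
    return router["interfaces"][ifname]

def audit(local, remote):
    """Reasons why a session initiated by local towards remote cannot form."""
    problems = []
    for peer_ip, nbr in local["neighbors"].items():
        if peer_ip not in remote["interfaces"].values():
            continue                    # this statement points at another router
        src, route = syn_source(local, peer_ip), lookup(local, peer_ip)
        if src is None:
            problems.append("no route to %s" % peer_ip)
            continue
        if src not in remote["neighbors"]:
            problems.append("SYN source %s is not a configured neighbor on %s"
                            % (src, remote["name"]))
        ebgp = nbr["remote_as"] != local["asn"]
        relaxed = nbr.get("ebgp_multihop") or nbr.get("disable_connected_check")
        if ebgp and not route[0] and not relaxed:
            problems.append("eBGP peer %s is not directly connected" % peer_ip)
    return problems

def make_router(name, asn, loop0, fast00, fast01, peer_loop0, peer_asn, **opts):
    """Constructed model of one router from the parallel-link slides."""
    return {"name": name, "asn": asn,
            "interfaces": {"Loop0": loop0, "Fast0/0": fast00, "Fast0/1": fast01},
            "connected": {"1.2.1.0/24": "Fast0/0", "1.1.1.0/24": "Fast0/1"},
            "static": {peer_loop0 + "/32": "Fast0/1"},  # one next hop, resolved
            "neighbors": {peer_loop0: dict(remote_as=peer_asn, **opts)}}

def make_pair(r2_asn, **opts):
    r1 = make_router("R1", 1, "11.11.11.11", "1.2.1.1", "1.1.1.1",
                     "12.12.12.12", r2_asn, **opts)
    r2 = make_router("R2", r2_asn, "12.12.12.12", "1.2.1.2", "1.1.1.2",
                     "11.11.11.11", 1, **opts)
    return r1, r2

if __name__ == "__main__":
    for asn, opts in [(1, {}), (2, {"update_source": "Loop0"})]:
        print(asn, opts, audit(*make_pair(asn, **opts)))
```

The audit covers one direction only, so run it with the routers swapped to check the session that the other side would initiate.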
BGP Message Types,
BGP Table, & BGP Routes
BGP Message Header and Types
» All BGP messages are carried within IP/TCP headers.
IP Header
TCP Header
Marker (All “Fs”, 16 bytes) | Length (2 bytes) | Type (1 byte)
BGP Data
BGP Open Message (Sniffer Trace)
BGP Message Types - Update
» BGP Update Message:
• Informs neighbors about withdrawn routes, changed routes, and new
routes.
• Used to exchange PAs and the associated prefix/length (NLRI) that
use those attributes.
Marker (All “Fs”, 16 bytes) | Length (2 bytes) | Type = 2
Unfeasible Routes Length
Withdrawn Routes (if any)
Total Path Attributes Length
Path Attributes (TLV)
NLRI Prefix Length | NLRI Prefix
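The header and Update layouts above map directly onto a parser that validates every length field before trusting it. The following is an added example, not part of the original slides: the function names and the sample bytes are constructed for illustration, the type numbers and the 19 to 4096 byte length limits are those of RFC 4271, and only IPv4 prefixes are decoded.

```python
import ipaddress
import struct

TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MARKER = b"\xff" * 16
HEADER_LEN, MAX_LEN = 19, 4096          # limits from RFC 4271

def frame(mtype, body=b""):
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), mtype) + body

def split_messages(stream):
    """Split a TCP byte stream into (type name, body) pairs, checking each header."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < HEADER_LEN:
            raise ValueError("truncated header")
        marker, length, mtype = struct.unpack_from("!16sHB", stream, pos)
        if marker != MARKER:
            raise ValueError("marker is not all Fs")
        if not HEADER_LEN <= length <= MAX_LEN or pos + length > len(stream):
            raise ValueError("bad length %d" % length)
        if mtype not in TYPES:
            raise ValueError("unknown type %d" % mtype)
        out.append((TYPES[mtype], stream[pos + HEADER_LEN:pos + length]))
        pos += length
    return out

def read_prefixes(buf):
    """Decode consecutive (prefix length in bits, prefix bytes) entries."""
    prefixes, pos = [], 0
    while pos < len(buf):
        bits = buf[pos]
        end = pos + 1 + (bits + 7) // 8
        if bits > 32 or end > len(buf):
            raise ValueError("bad prefix entry")
        raw = buf[pos + 1:end].ljust(4, b"\x00")
        prefixes.append("%s/%d" % (ipaddress.IPv4Address(raw), bits))
        pos = end
    return prefixes

def parse_update(body):
    """Return (withdrawn prefixes, raw path attributes, NLRI prefixes)."""
    if len(body) < 4:
        raise ValueError("UPDATE too short")
    (wlen,) = struct.unpack_from("!H", body, 0)
    if 4 + wlen > len(body):
        raise ValueError("Unfeasible Routes Length overruns the message")
    (alen,) = struct.unpack_from("!H", body, 2 + wlen)
    attrs_end = 4 + wlen + alen
    if attrs_end > len(body):
        raise ValueError("Total Path Attributes Length overruns the message")
    return (read_prefixes(body[2:2 + wlen]), body[4 + wlen:attrs_end],
            read_prefixes(body[attrs_end:]))

# Constructed sample: withdraw 7.7.7.0/24, announce 12.12.12.12/32 (18 attribute bytes).
SAMPLE_UPDATE = bytes.fromhex("0004" "18070707" "0012" "40010100"
                              "40020402010002" "40030401020102" "200c0c0c0c")
SAMPLE_STREAM = frame(4) + frame(2, SAMPLE_UPDATE)
```

`split_messages(SAMPLE_STREAM)` yields a Keepalive followed by the Update, whose body `parse_update` splits into the three sections of the layout.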
BGP Update Message (Sniffer Trace)
BGP Message Types - Notification
» BGP Notification message:
• Used to signal a BGP error; typically results in a reset to the neighbor
relationship
BGP Notification Message (Sniffer Trace)
BGP Message Types - Keepalive
» BGP Keepalive message:
• Sent on a periodic basis to maintain the neighbor relationship. The
lack of receipt of a Keepalive message within the negotiated Hold
timer causes BGP to bring down the neighbor connection.
IP Header
TCP Header
Marker (All “Fs”, 16 bytes) | Length (2 bytes) | Type = 4
BGP Keepalive Message (Sniffer Trace)
Examining the BGP Table
» To verify the BGP table, use the command show ip bgp.
» The output lists all BGP routes: those injected locally plus those learned from neighbors.
» Each prefix carries multiple attributes that can be examined and are used for best-path selection.
» Each prefix can have multiple paths with different next hops.
Examining the BGP Table
Examining the BGP Table
» Prefixes marked with ‘*’ are valid and are considered by the best-path algorithm.
» The best path is marked with ‘>’.
» The Path heading shows the AS_Path attribute.
» The BGP show commands list the AS_Path with the first-added ASN on the right and the last-added ASN on the left.
Verification Commands for eBGP Learned Routes
BGP Neighbor States
BGP Neighbor States
» BGP goes through the following neighborship states:
» Idle: The BGP process is either administratively down or awaiting the next retry attempt.
BGP Neighbor States
» Active: BGP has initiated an outbound TCP connection request and is waiting for the 3-way handshake to complete. BGP can enter this state either because:
• This router was the first router to initiate a connection (from Idle-to-Active)
• This router received an initial, inbound connection request that failed to complete the TCP handshake (Idle-Connect-Active)
» Opensent: The TCP connection exists, and a BGP Open message has been sent to the peer, but the matching Open message has not yet been received from the other router.
BGP Neighbor States
» Openconfirm: An Open message has been both sent to and
received from the other router.
State Transitions: TCP Handshake Failure
[Diagram: Possibility #1 and Possibility #2 for a TCP handshake failure. Recoverable labels: Active (“Initiate TCP”), TCP Sync Sent, TCP Sync Transmitted, TCP Sync+ACK, TCP timeout, ConnectRetry Timer, ConnectRetry Timer (stopped), EXPIRED!]
Moving to OpenSent
[Diagram: Idle → “Start event” → Active (“Initiate TCP”, TCP Sync Sent, ConnectRetry Timer) → TCP Sync+AcK received → OpenSent.]
Moving from OpenSent (1)
[Diagram, labelled Possibility #3: “Open Received but bad BGP header or bad Open parameters”. Other labels: OpenSent, BGP Notification, Idle, ACTIVE (“Initiate TCP”).]
Moving from OpenSent (2)
[Diagram: “Open Received …everything looks good!” Labels: OpenSent, Open Confirm, BGP Keepalive received.]
Peering and Router-IDs
» When two routers are initially configured to peer with each other, they don’t know each other’s BGP Router-IDs.
» Normally, the router with the highest Router-ID will initiate the TCP handshake with the router that has the lowest Router-ID.
» That can’t happen if Router-IDs are unknown.
BGP Collisions?
» If BGP Router-IDs are unknown, a peering collision may occur.
[Diagram: Router 1 (AS# 1) and Router 2 (AS# 2) each open a TCP connection to the other. Each direction shows TCP Sync (179), TCP Sync + Ack (179) and TCP ACK (179), followed by BGP Open (RiD=11.11.11.11) in one direction and BGP Open (RiD=12.12.12.12) in the other. Both routers: “Hey, I’ve already got a session with you!” Label: BGP Notification (Cease!!).]
Router 1: Loop0 11.11.11.11/32, Fast0/0 1.2.1.1, Fast0/1 1.1.1.1
router bgp 1
 neighbor 12.12.12.12 remote-as 2
 neighbor 12.12.12.12 update-source Loop0
 neighbor 12.12.12.12 ebgp-multihop
 bgp router-id 11.11.11.11
!
ip route 12.12.12.12 255.255.255.255 1.1.1.2
ip route 12.12.12.12 255.255.255.255 1.2.1.2
Router 2: Loop0 12.12.12.12/32, Fast0/0 1.2.1.2, Fast0/1 1.1.1.2
router bgp 2
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 update-source Loop0
 neighbor 11.11.11.11 ebgp-multihop
 bgp router-id 12.12.12.12
!
ip route 11.11.11.11 255.255.255.255 1.1.1.1
ip route 11.11.11.11 255.255.255.255 1.2.1.1
How do we prevent collisions?
» A router can be configured to only accept inbound connections, but not ACTIVELY initiate outbound connections.
[Diagram: a single connection between Router 1 (AS# 1) and Router 2 (AS# 2): TCP Sync (179), TCP Sync + Ack (179), TCP ACK (179), then BGP Open (RiD=12.12.12.12).]
Router 1: Fast0/0 1.2.1.1, Fast0/1 1.1.1.1
router bgp 1
 neighbor 12.12.12.12 remote-as 2
 neighbor 12.12.12.12 update-source Loop0
 neighbor 12.12.12.12 ebgp-multihop
 neighbor 12.12.12.12 transport connection-mode passive
 bgp router-id 11.11.11.11
!
ip route 12.12.12.12 255.255.255.255 1.1.1.2
ip route 12.12.12.12 255.255.255.255 1.2.1.2
Router 2: Fast0/0 1.2.1.2, Fast0/1 1.1.1.2
router bgp 2
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 update-source Loop0
 neighbor 11.11.11.11 ebgp-multihop
 bgp router-id 12.12.12.12
!
ip route 11.11.11.11 255.255.255.255 1.1.1.1
ip route 11.11.11.11 255.255.255.255 1.2.1.1
Who initiated the connection?
Defeating BGP DoS
Attacks with TTL Security
BGP DoS Example
eBGP’s reliance on TTL=1 leaves it open to attack.
[Diagram: an “Evil Person” sends BGP Notification= CEASE!! (RiD=12.12.12.12) with Source=1.2.1.2, Dest=1.2.1.1 and IP TTL=4. A router on the path: “Destination 1.2.1.1? I can forward that!” The packet reaches Router 1 with IP TTL=1. Router 1: “Guess I need to kill my BGP peering with 12.12.12.12!”]
Router 1 (AS# 1, Fast0/0 1.2.1.1):
router bgp 1
 neighbor 1.2.1.2 remote-as 2
 bgp router-id 11.11.11.11
!
Router 2 (AS# 2, Fast0/0 1.2.1.2):
router bgp 2
 neighbor 1.2.1.1 remote-as 1
 bgp router-id 12.12.12.12
!
TTL and eBGP Sessions
» eBGP sessions assume the neighbor is directly connected.
» TTL in eBGP sessions is set to “1” if a Connected route is found.
» If the neighbor is NOT directly connected, additional configuration is needed to start the BGP peering process (which affects the outbound TTL):
• eBGP-multihop (sets TTL in outbound BGP packets to 255)
• Disable-connected-check (sets TTL to “1” in outbound BGP packets)
• TTL-Security (to be discussed next)
TTL-Security
» By default, any TTL value (>0) of received BGP
packets is accepted from eBGP peers.
» TTL-Security = Mechanism to enforce TTL values to
prevent DoS
• (config-rtr)#neighbor x.x.x.x ttl-security hops <1-254>
» How is “hops” used?
• 255 - <hops> = X
• All incoming BGP packets must have TTL ≥ X
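The acceptance rule above, applied to the packet from the DoS slide and to legitimate peers, as an added example that is not part of the original slides. The function names and the packet list are constructed for illustration; the model assumes every router that forwards a packet decrements its TTL by one.

```python
def min_ttl(hops):
    """Lowest TTL accepted under 'neighbor x.x.x.x ttl-security hops <hops>'."""
    if not 1 <= hops <= 254:
        raise ValueError("hops must be in 1-254")
    return 255 - hops

def arrival_ttl(sent_ttl, forwarding_routers):
    """TTL left on arrival, or None if the packet expired in transit.
    Each router that forwards the packet decrements the TTL by one."""
    ttl = sent_ttl - forwarding_routers
    return ttl if ttl > 0 else None

def accepted(sent_ttl, forwarding_routers, hops=None):
    """TTL check on the receiving eBGP speaker; hops=None is the default
    behaviour, where any TTL above zero is accepted."""
    ttl = arrival_ttl(sent_ttl, forwarding_routers)
    if ttl is None:
        return False
    return True if hops is None else ttl >= min_ttl(hops)

def farthest_accepted(hops):
    """Most forwarding routers a sender can sit behind and still pass,
    since no sender can start above TTL 255."""
    return max(n for n in range(255) if accepted(255, n, hops))

# Constructed packets: (label, TTL set by the sender, forwarding routers crossed).
PACKETS = [
    ("directly connected peer, default TTL 1", 1, 0),
    ("directly connected peer, TTL 255", 255, 0),
    ("Notification from the DoS slide, TTL 4 arriving as 1", 4, 3),
    ("same sender starting at TTL 255", 255, 3),
]

def verdicts(hops=None):
    """Map each constructed packet to accepted (True) or dropped (False)."""
    return {label: accepted(ttl, n, hops) for label, ttl, n in PACKETS}

if __name__ == "__main__":
    for hops in (None, 1, 2):
        print(hops, verdicts(hops))
```

With `hops` set to 1 or 2 only the peer sending TTL 255 passes; a peer still sending TTL 1 is dropped as well, which is why the command has to be configured on both routers.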
TTL-Security with Direct-Connection Peering
[Diagram: R1 and R2 directly connected; BGP packets sent with TTL=255.]
TTL-Security with Multihop Peering
[Diagram: R1 (1.2.1.1, AS# 1, customer) and R2 (2.2.2.2, AS# 2, ISP) with the labels a, b, x, Y between them; an “Evil Person” is also shown. BGP packets sent with TTL=255.]
R1: neighbor 2.2.2.2 ttl-security hops 2
R2: neighbor 1.2.1.1 ttl-security hops 2
TTL-Security with Loopback Peering (Method #1)
[Diagram: R1 and R2 peering between loopbacks; BGP packets sent with TTL=255.]
Neighbor Failures – Direct Connections
» BGP neighbors may be directly, or indirectly connected.
» Failures of direct-connection = immediate teardown of BGP
peer.
Router 1 (AS# 1, Fast0/0 1.1.1.1):
router bgp 1
 neighbor 1.1.1.2 remote-as 2
Router 2 (AS# 2, Fast0/0 1.1.1.2):
router bgp 2
 neighbor 1.1.1.1 remote-as 1
Neighbor Failures – Indirect Connections
» Indirect neighbor failures rely on BGP Holddown timer = 180-seconds.
Adjusting BGP Timers
» BGP Keepalives can be reduced to a minimum of 1 second, with a minimum holdtime of 3 seconds.
Other ways of failure detection
» Several other options exist for neighbor failure detection which don’t affect CPU:
• Neighbor Fall-Over
• Neighbor Fall-Over Route-Map
• Neighbor Fall-Over BFD
» All of the above are called “BGP Fast Peering Session Deactivation”.
Neighbor Fall-Over
» The “neighbor x.x.x.x fall-over” command has several options:
• Tracks IGP route to BGP peer (iBGP or eBGP). When route is lost,
peer immediately taken down.
• Does NOT work if router ALSO contains a default route.
Neighbor Fall-Over
[Diagram: Router 1 (Loopback0 11.11.11.11, Fast0/0 1.1.1.1) and Router 2 (Loopback0 22.22.22.2, Fast0/0 1.1.1.2), both in AS# 1, with EIGRP between them.]
Router 1:
router bgp 1
 neighbor 22.22.22.2 remote-as 1
 neighbor 22.22.22.2 fall-over
Router 2:
router bgp 1
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 fall-over
Neighbor Fall-Over – The Problem
[Diagram: iBGP peerings among Routers 1, 2 and 3 over EIGRP AS 100. Labels: Loop0 199.10.1.1/32 and ISP-A on the Router 1 side; Loop0 199.11.1.3/32 and ISP-C on the Router 3 side; 1.1.1.2, 7.7.7.2, Fast0/0; 199.10.0.0/16, 199.11.0.0/16, “via Rtr-X!!”, “via Rtr-Y!!”; Corporate Intranet Routers X (199.10.x.x/16) and Y (199.11.x.x/16); A, C.]
BGP Fast Peering Session Deactivation with Next-Hop
Address Tracking
» A Route-Map can be associated with the “neighbor x.x.x.x fall-over” command:
• Tracks IGP route to BGP peer (iBGP or eBGP). When route is lost, peer immediately taken down.
• Doesn’t care if a default route (or aggregate) exists or not.
Neighbor Fall-Over – The Solution!
[Diagram: iBGP peerings among Routers 1, 2 and 3 over EIGRP AS 100. Labels: Loop0 199.10.1.1/32 and ISP-A on the Router 1 side; Loop0 199.11.1.3/32 and ISP-C on the Router 3 side; 1.1.1.2, 7.7.7.2, Fast0/0; 199.10.0.0/16, 199.11.0.0/16, “via Rtr-X!!”, “via Rtr-Y!!”; Corporate Intranet Routers X (199.10.x.x/16) and Y (199.11.x.x/16); A, C.]
[Diagram: Router 1 (AS# 1, Fast0/1 1.1.1.1) and Router 2 (AS# 2, Fast0/1 1.1.1.2) connected through ports 0/2 and 0/4. Labels: A, B, 7.7.7.0/24.]
Router 1:
router bgp 1
 neighbor 1.1.1.2 remote-as 2
 neighbor a.a.a.a remote-as 3
 network 7.7.7.0 mask 255.255.255.0
Router 2:
router bgp 2
 neighbor 1.1.1.1 remote-as 1
 neighbor b.b.b.b remote-as 4
With BFD configured (same diagram):
Router 1:
interface FastEthernet0/1
 ip address 1.1.1.1 255.255.255.252
 bfd interval 100 min_rx 100 multiplier 3
!
router bgp 1
 neighbor 1.1.1.2 remote-as 2
 neighbor 1.1.1.2 fall-over bfd
 neighbor a.a.a.a remote-as 3
 network 7.7.7.0 mask 255.255.255.0
Router 2:
interface FastEthernet0/1
 ip address 1.1.1.2 255.255.255.252
 bfd interval 100 min_rx 100 multiplier 3
!
router bgp 2
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 fall-over bfd
 neighbor b.b.b.b remote-as 4
Indirect Link Failure with BFD (1)
[Diagram: Router 1 (AS# 1, Loop0 11.11.11.11/32, Fast0/1 1.1.1.1, 1.3.1.1 towards A in AS# 3 at 1.3.1.3) and Router 2 (AS# 2, Loop0 22.22.22.22/32, Fast0/1 1.1.1.2, 2.4.2.2 towards B in AS# 4 at 2.4.2.4), connected through ports 0/2 and 0/4. Label: 7.7.7.0/24.]
Router 1:
!
router bgp 1
 neighbor 22.22.22.22 remote-as 2
 neighbor 22.22.22.22 ebgp-multihop
 neighbor 22.22.22.22 update-source loopback0
 neighbor 1.3.1.3 remote-as 3
 network 7.7.7.0 mask 255.255.255.0
!
ip route 22.22.22.22 255.255.255.255 1.1.1.2
Router 2:
!
router bgp 2
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 ebgp-multihop
 neighbor 11.11.11.11 update-source loopback0
 neighbor 2.4.2.4 remote-as 4
!
ip route 11.11.11.11 255.255.255.255 1.1.1.1
2. How long will it take for Router-2 to tear down the BGP peering session with Router-1 when port 0/2 on the switch goes down? ____________
Answer
2. How long will it take for Router-2 to tear down the BGP peering session with
Router-1 when port 0/2 on the switch goes down? After roughly 900msecs.
Quiz!!!
[Diagram: iBGP peerings among Routers 1, 2 and 3 over EIGRP AS 100. Labels: Loop0 11.11.11.11/32, Loop0 33.33.33.33/32, ISP-A, ISP-C, Fast0/0, “0.0.0.0/0 via Rtr-X (EIGRP)”, A, C, Corporate Intranet Routers X and Y.]
Which of the features that we’ve learned about in this series would quickly tear down the iBGP peering between Router-1 and Router-3 if FastEthernet0/0 on Router-1 went down…WITHOUT consuming any additional bandwidth on any of the links shown here?
Answer
[Diagram: iBGP peerings among Routers 1, 2 and 3 over EIGRP AS 100. Labels: Loop0 199.10.1.1/32 and ISP-A on the Router 1 side; Loop0 199.11.1.3/32 and ISP-C on the Router 3 side; 1.1.1.2, 7.7.7.2, Fast0/0; 199.10.0.0/16, 199.11.0.0/16, “via Rtr-X!!”, “via Rtr-Y!!”; Corporate Intranet Routers X (199.10.x.x/16) and Y (199.11.x.x/16); A, C.]
Q&A