
BGP (Border Gateway Protocol)

Basics of Routing

Link State
• OSPF/IS-IS
• Relies on the state of links; every router builds a complete topology map

Distance Vector
• EIGRP/RIP
• Advertises a vector (direction) and a distance

Path Vector
• BGP
• Shares reachability information between autonomous systems
• Path vector protocols rely on analysis of the path (the list of ASs) to
reach the destination to determine whether it is loop free
• No complete topology map: a router only knows the paths its neighbors
advertised to it

What is BGP?

➢ BGP is a dynamic routing protocol that exchanges reachability information
between two autonomous systems.
Example: company ABC wants to connect to the Internet, and the Internet will be
provided by an ISP. From ABC's point of view the ISP is a separate (unknown)
autonomous system, so to exchange routes between company ABC and the ISP, BGP
is required.
                 OSPF / EIGRP                              BGP
Neighbors        Forms neighbor relationship before        Same
                 sending routing information
Discovery        Neighbors typically discovered using      Neighbor IP address is explicitly
                 multicast packets (224.0.0.x) on the      configured and may not be on the
                 connected subnets                         same subnet
Transport        Does not use TCP                          Uses a TCP connection between
                                                           neighbors (port 179)
Advertises       Prefix/length                             Prefix/length, called Network Layer
                                                           Reachability Information (NLRI)
Metric           Advertises metric information             Advertises a variety of path attributes
                                                           (PAs) that BGP uses instead of a metric
                                                           to choose the best path
Goal             Emphasis on fast convergence to the       Emphasis on scalability; may not always
                 truly most efficient route                choose the most efficient route
Logic            Link state (OSPF) or hybrid (EIGRP)       Path vector (similar to distance vector)

❖ 3 ways to receive BGP routes from an ISP:

Default routes from each provider: internal IGP metrics determine the exit
router for all outbound traffic.

Default routes + more specific routes: lets you manipulate the exit path for
specific routes using BGP so that traffic takes a shorter path to networks in
each ISP.

All routes from all providers: requires high bandwidth and router resources.
Path selection for all external routes can be controlled via BGP and policy
routing tools.

Two ways to get networks into BGP

-network commands
-redistribution
Multihoming Cases:

Single-homed: a single connection to a single ISP.

Dual-homed: multiple connections to the same ISP.
Single multihomed: one connection to each of several ISPs at the same time;
typically uses BGP.
Dual multihomed: two connections to each of several ISPs.

Characteristics:

Routers running BGP are termed BGP speakers. Neighbors are called peers and
must be statically configured.
Runs on top of TCP (port 179), which provides reliable, ordered delivery.
Path vector: essentially a distance-vector protocol whose "distance" is the
list of autonomous systems traversed (the AS_PATH) rather than a hop count.
ASNs: 16-bit public ASNs 1-64495 are assigned through the regional registries
under IANA; 64512-65534 are private. 32-bit ASNs also exist. BGP version 4
is the only EGP in use on the Internet today.

A router can only run one instance of BGP at a time.

AD for eBGP routes is 20; iBGP is 200.

Routing between ASs is called interdomain routing.

Updates are incremental and triggered; only what has changed is sent.
Convergence is slow. BGP sends periodic keepalives to maintain the neighbor
relationship.

When an update about a network leaves an AS, that AS’s number is prepended
to the list of ASs that have handled that update. When an AS receives an update,
it examines the AS list. If it finds its own ASN in that list, the update is
discarded. Loop prevention.

Routing Information Base (RIB) A list of networks known by BGP along with
their paths and attributes “sh ip bgp”

Uses many attributes; each route carries its own set. BGP walks the decision
list from top to bottom until it finds an attribute that is not a tie.

Default route only: a 0.0.0.0/0 route points out one path while inbound
traffic can arrive over either link; if one ISP fails, routing converges
towards the alternate ISP.

Partial routes (default plus selected specifics): useful where two ISPs serve
two regions differently. One exit can prefer the ISP that is better for one
region while the other exit prefers the other ISP. Both paths remain as
backups for failover.

Full routes: the router receives the entire BGP table from each connected ISP
and decides the best path for each network.

Packet types: 4

Open: starts the session (the BGP "hello"). After a neighbor is configured,
BGP sends an OPEN to establish the peering; it carries the BGP version, the
ASN, the router ID (BGP identifier) and the hold time.
Keepalive: resets the hold timer. Sent every 60 seconds by default (hold time
180 seconds).
Update: the most common message. Carries network reachability (NLRI),
withdrawn routes and path attributes.
Notification: something bad has happened (error on the connection, hold timer
expired, wrong AS, malformed update); the session is closed.

Tables: similar to IGPs; 3

Neighbor table: the manually configured BGP peers and their state.
BGP table: a list of all BGP routes received from peers (can be big).
Routing table: the best routes, installed from the BGP table.

iBGP: internal, between two routers within the same AS.

eBGP: external, between two routers in different ASs. Usually what is used
when peering with an ISP. Neighbors do not have to be directly connected if
ebgp-multihop is configured (by default eBGP expects a directly connected
peer).

Transit AS: AS that BGP routes go through.


A router can only be in one AS at a time ("BGP is already running; AS is #").
Most commands start with "neighbor".

To add a neighbor:
router) neighbor [IP] remote-as [AS #]
You cannot add the same router twice if it has two separate connections/IPs
leading back to you: use loopbacks.
If there are redundant links to the ISP, peer between loopbacks, with static
routes to the neighbor loopbacks via the physical IPs.

When doing either of the above, you must also change the source IP for the
neighbors to form:
router) neighbor [IP] update-source [Loopback#]

BGP assumes that external neighbors are directly connected and that they are
peering with the IP of a directly connected interface (eBGP packets are sent
with a TTL of 1). If not, you must tell BGP to look more than one hop away for
its neighbor; peering between loopbacks is exactly such a case. To resolve,
use multihop:
router) neighbor [IP] ebgp-multihop [# of hops to neighbor]
The network command tells BGP which networks to advertise, regardless of
interface. When advertising a subnet, the prefix and mask must exactly match
an entry in the routing table. Networks do not have to be connected; they just
have to be in the routing table:
router) network [IP] mask [MASK]

To create a peer group to which you can then assign neighbors (with the
neighbor command):

router) neighbor [GROUP-NAME] peer-group
Auto-summarization was on by default in older IOS releases; turn it off with
no auto-summary (it is off by default in current releases).

Synchronization: do not use or advertise a route learned via iBGP until the
same route has been learned via the internal routing protocol. If the other
internal routers do not know the route, the end network will be unreachable.
Off by default in newer releases.

BGP Route summarization:

router) aggregate-address [IP] [MASK] (summary-only)
!!! summary-only suppresses the advertisement of the more-specific
routes (they show as "s" in show ip bgp)
In the routing table, BGP routes show [AD/MED], the MED taking the place of
the metric

Next-Hop Processing:
eBGP: the next-hop address on advertised routes is changed to the
advertising router.
iBGP: the next-hop address on advertised routes is not changed. This is meant
for routers that share the same segment so routes do not take an extra hop,
but it means iBGP routers must have a route to the network connecting their AS
to the edge router. eBGP-learned routes passed to iBGP neighbors will not have
a reachable next hop unless the edge router rewrites it to itself:
router) neighbor [IP] next-hop-self

iBGP Loop Prevention (Split Horizon):-

The iBGP split-horizon rule: a route learned from one iBGP peer is never
advertised to another iBGP peer, because the AS_PATH cannot detect a loop
inside a single AS. Solutions for the split-horizon issue:

1. Full-mesh iBGP peerings

2. Route reflectors
3. Confederations
iBGP Route reflection
###################
-> Eliminates the need for a full mesh
-only need peering(s) to the RR(s)
-> Like the OSPF DR and IS-IS DIS, minimizes prefix replication
-send one update to the RR
-> RR sends the update to its "clients" (a route from a client is reflected
to all other clients and to non-clients; a route from a non-client goes to
clients only)
-> Loop prevention through ORIGINATOR_ID and CLUSTER_LIST (cluster-ID)
-> RR discards routes received with its own cluster-ID in the CLUSTER_LIST or
its own router-ID as ORIGINATOR_ID
-> Does not modify other attributes such as next-hop

Large Scale Route Reflection

#########################
Larger scale BGP designs cannot be serviced by only a single RR
-> a single RR is a single point of failure
RR "clusters" allow redundancy and hierarchy
-> a cluster is defined by the clients an RR serves
-> RRs in the same cluster use the same cluster-ID

Inter-cluster peerings between RRs can be client or non-client peerings

-depends on the redundancy design
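The reflection rules and the cluster-ID loop check described above, as an added illustration in Python (not code from the original page). Router IDs, cluster IDs, the prefix and the next hop are constructed; peers are identified by their router ID:

```python
"""
Route-reflector behaviour: reflection rules, the CLUSTER_LIST / ORIGINATOR_ID
loop check, and two redundant RRs sharing one cluster-ID. Added illustration,
not code from the original page; all identifiers below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Route:
    prefix: str
    next_hop: str
    originator_id: str = ""                  # set by the first reflector
    cluster_list: list = field(default_factory=list)


class RouteReflector:
    def __init__(self, router_id, cluster_id, clients, nonclients):
        self.router_id = router_id
        self.cluster_id = cluster_id
        self.clients = set(clients)          # peers identified by router ID
        self.nonclients = set(nonclients)

    def accept(self, route):
        """Loop prevention: drop a route we originated, or one our cluster
        has already reflected (our cluster-ID is in its CLUSTER_LIST)."""
        if route.originator_id == self.router_id:
            return False
        if self.cluster_id in route.cluster_list:
            return False
        return True

    def reflect(self, route, from_peer):
        """Return {peer: reflected route}.
        From a client: to all other clients and to non-clients.
        From a non-client: to clients only (non-clients are full-meshed).
        ORIGINATOR_ID is set once, the cluster-ID is prepended to CLUSTER_LIST,
        NEXT_HOP and the other attributes are left untouched."""
        if not self.accept(route):
            return {}
        if from_peer in self.clients:
            targets = (self.clients - {from_peer}) | self.nonclients
        elif from_peer in self.nonclients:
            targets = set(self.clients)
        else:
            return {}
        return {
            peer: Route(route.prefix, route.next_hop,
                        route.originator_id or from_peer,
                        [self.cluster_id] + route.cluster_list)
            for peer in targets
        }


def demo():
    """rr1 and rr2 share cluster 1.1.1.1 and serve the same clients; they peer
    with each other and with rr3 (a different cluster) as non-clients."""
    clients = ["10.0.0.1", "10.0.0.2"]
    rr1 = RouteReflector("1.1.1.1", "1.1.1.1", clients, ["2.2.2.2", "3.3.3.3"])
    rr2 = RouteReflector("2.2.2.2", "1.1.1.1", clients, ["1.1.1.1", "3.3.3.3"])
    rr3 = RouteReflector("3.3.3.3", "3.3.3.3", ["10.0.1.1"], ["1.1.1.1", "2.2.2.2"])

    learned = Route("203.0.113.0/24", "192.0.2.1")       # client 10.0.0.1 announces it
    from_rr1 = rr1.reflect(learned, "10.0.0.1")
    via_rr1 = rr2.reflect(from_rr1["2.2.2.2"], "1.1.1.1")   # dropped: own cluster-ID present
    direct = rr2.reflect(learned, "10.0.0.1")              # the copy rr2 actually reflects
    other_cluster = rr3.reflect(from_rr1["3.3.3.3"], "1.1.1.1")
    return from_rr1, via_rr1, direct, other_cluster
```

The copy rr2 receives from rr1 is discarded because the shared cluster-ID is already in the CLUSTER_LIST, which is why two RRs in one cluster must both peer with every client: each learns the route only directly.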

BGP Confederation
#################
Reduces the full-mesh iBGP requirement by splitting the AS into smaller sub-ASs
-> inside a sub-AS the full-mesh or RR requirement remains
-> between sub-ASs the peering acts like eBGP (but next hop, local preference
and MED are preserved)
Devices outside the confederation do not know about the internal structure
-> sub-AS numbers are stripped from advertisements to "true" eBGP peers
Typically uses ASNs in the private range (64512-65534)

Attributes:
Attributes are the values carried with a BGP route (and which you can set on
incoming/outgoing routes) that take the place of a metric in path selection.

The BGP update message lists a set of PAs, plus any prefixes/lengths that use
those PAs. It can also list withdrawn routes in the same update message as
newly advertised routes, and it can list multiple prefixes in a single update
message.
Well-known mandatory: must be recognized by all BGP routers and present in
all updates: AS_PATH, ORIGIN, NEXT_HOP.

Well-known discretionary: must be recognized by all BGP routers and passed on
to other BGP routers, but need not be present in an update: LOCAL_PREF,
ATOMIC_AGGREGATE.

Optional transitive: might not be recognized by a BGP router; travels from
router to router (AS to AS). If not recognized, it is passed on marked as
partial: AGGREGATOR, COMMUNITY.

Optional nontransitive: might not be recognized by BGP and is not passed on to
other routers if unrecognized: MED, ORIGINATOR_ID, CLUSTER_LIST.
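The message layout the paragraphs above describe (withdrawn routes, path attributes with their flag bits, NLRI in one UPDATE), as an added Python parser that is not part of the original page. It assumes 2-byte ASNs and IPv4 unicast; the sample UPDATE it parses is constructed inline:

```python
"""
Parser for a BGP UPDATE message (RFC 4271 section 4.3). Added worked example,
not from the original page; 2-byte ASNs assumed, sample message constructed.
"""
import struct
from ipaddress import IPv4Address

ATTR_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MED", 5: "LOCAL_PREF",
              6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR", 8: "COMMUNITY",
              9: "ORIGINATOR_ID", 10: "CLUSTER_LIST"}
ORIGINS = {0: "i", 1: "e", 2: "?"}                  # IGP, EGP, incomplete
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10   # attribute flag bits


def attr_class(flags, code):
    if not flags & OPTIONAL:
        return "well-known mandatory" if code in (1, 2, 3) else "well-known discretionary"
    return "optional transitive" if flags & TRANSITIVE else "optional non-transitive"


def _read_prefixes(buf):
    """<length in bits, prefix truncated to whole octets> list (NLRI and withdrawals)."""
    out, i = [], 0
    while i < len(buf):
        bits = buf[i]
        nbytes = (bits + 7) // 8
        octets = buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        out.append(f"{IPv4Address(octets)}/{bits}")
        i += 1 + nbytes
    return out


def parse_update(msg):
    if msg[:16] != b"\xff" * 16 or msg[18] != 2 or struct.unpack("!H", msg[16:18])[0] != len(msg):
        raise ValueError("bad BGP header")
    body = msg[19:]
    wlen = struct.unpack("!H", body[:2])[0]
    withdrawn = _read_prefixes(body[2:2 + wlen])
    alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
    raw = body[4 + wlen:4 + wlen + alen]
    nlri = _read_prefixes(body[4 + wlen + alen:])
    attrs, i = {}, 0
    while i < len(raw):
        flags, code = raw[i], raw[i + 1]
        if flags & EXT_LEN:                                  # 2-byte length field
            ln, i = struct.unpack("!H", raw[i + 2:i + 4])[0], i + 4
        else:
            ln, i = raw[i + 2], i + 3
        val, i = raw[i:i + ln], i + ln
        if code == 1:
            value = ORIGINS[val[0]]
        elif code == 2:                                      # segments: type, count, ASNs
            value, j = [], 0
            while j < len(val):
                seg_type, n = val[j], val[j + 1]
                asns = list(struct.unpack(f"!{n}H", val[j + 2:j + 2 + 2 * n]))
                value.append(("AS_SET" if seg_type == 1 else "AS_SEQUENCE", asns))
                j += 2 + 2 * n
        elif code in (3, 9):
            value = str(IPv4Address(val))
        elif code in (4, 5):
            value = struct.unpack("!I", val)[0]
        else:
            value = val.hex()                                # unknown attribute: keep the bytes
        attrs[ATTR_NAMES.get(code, f"UNKNOWN_{code}")] = {
            "class": attr_class(flags, code), "partial": bool(flags & PARTIAL), "value": value}
    if nlri and not all(k in attrs for k in ("ORIGIN", "AS_PATH", "NEXT_HOP")):
        raise ValueError("well-known mandatory attribute missing")     # RFC 4271 6.3
    return {"withdrawn": withdrawn, "attributes": attrs, "nlri": nlri}


def _pfx(cidr):
    ip, bits = cidr.split("/")
    return bytes([int(bits)]) + IPv4Address(ip).packed[:(int(bits) + 7) // 8]


def _attr(flags, code, value):
    return bytes([flags, code, len(value)]) + value


def build_update(withdrawn, attrs, nlri):
    w = b"".join(_pfx(p) for p in withdrawn)
    a = b"".join(attrs)
    body = struct.pack("!H", len(w)) + w + struct.pack("!H", len(a)) + a + b"".join(_pfx(p) for p in nlri)
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 2) + body


# Constructed sample: withdraws 10.2.0.0/16 and announces two prefixes via
# AS 65001 -> 65002, carrying one attribute this parser does not know.
SAMPLE_UPDATE = build_update(
    ["10.2.0.0/16"],
    [_attr(TRANSITIVE, 1, b"\x00"),                                     # ORIGIN = IGP
     _attr(TRANSITIVE, 2, struct.pack("!BBHH", 2, 2, 65001, 65002)),    # AS_SEQUENCE
     _attr(TRANSITIVE, 3, IPv4Address("192.0.2.1").packed),             # NEXT_HOP
     _attr(OPTIONAL, 4, struct.pack("!I", 50)),                         # MED (non-transitive)
     _attr(OPTIONAL | TRANSITIVE | PARTIAL, 200, b"\xde\xad")],         # unknown, forwarded as partial
    ["10.1.0.0/16", "198.51.100.0/24"])
```

Rejecting NLRI that arrives without ORIGIN, AS_PATH and NEXT_HOP is the "well-known mandatory" rule in practice; the unknown type-200 attribute is kept and flagged partial rather than dropped, which is the optional-transitive behaviour.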

Attributes: work top down. The tie is usually broken in steps 1-4. Know 1-5!
N WLLA OMNI: Next hop > Weight > Local_Pref > Locally originated > AS_PATH >
Origin > MED > Neighbor type (eBGP/iBGP) > IGP metric
Autonomous system path (AS_PATH): well-known mandatory
Next hop address (NEXT_HOP): well-known mandatory
Origin (ORIGIN): well-known mandatory
Local preference (LOCAL_PREF): well-known discretionary
Atomic aggregate (ATOMIC_AGGREGATE): well-known discretionary
Aggregator (AGGREGATOR): optional transitive
Multi-Exit Discriminator (MED/metric): optional nontransitive

0. Ignore routes with an inaccessible next-hop address.

1. Prefer the path with the highest weight. Cisco proprietary; local to the
router.
2. Prefer the path with the highest Local_Pref. Configured on the router and
advertised to iBGP peers; local to the AS. Higher is better.
3. Prefer the path that was locally originated via a network or aggregate
command.
4. Prefer the path with the shortest AS_PATH (AS hop count). The tie is
usually broken here. Use sh ip bgp to see it; prepend to lengthen it.
5. Prefer the path with the lowest origin code: IGP (i) over EGP (e) over
incomplete (?). The "e" origin is practically never seen any more.
6. Prefer the path with the lowest multi-exit discriminator (MED), the
metric. Used to influence a neighboring AS; suggests the preferred entry
point. By default it is only compared between paths from the same neighboring
AS.
7. Prefer eBGP over iBGP paths.
8. Prefer the path with the lowest IGP metric to the BGP next hop.
9. Determine whether multiple paths require installation in the routing table
for BGP multipath.
10. When both paths are external, prefer the path that was received first
(the oldest one).
11. Prefer the route that comes from the BGP router with the lowest router ID
(the ORIGINATOR_ID when route reflection is in use).
12. If the originator or router ID is the same for multiple paths, prefer the
path with the minimum cluster list length.
13. Prefer the path that comes from the lowest neighbor IP address. The tie
is broken here no matter what.

sh ip bgp summary:

sh ip bgp summary shows the neighbors and their state. A number in the
State/PfxRcd column is the count of prefixes received and means the session is
Established; anything else (Idle, Active, OpenSent...) is a state name and
means the session is down.

To disable a neighbor without removing its configuration:
router) neighbor [IP] shutdown
To see a list of peers and their status:
sh ip bgp neighbors

BGP States:-

Idle
Connect
Active
OpenSent
OpenConfirm
Established

Idle: no peering; the router is not yet trying to connect, or is waiting to
retry. "Idle (admin)" means the neighbor has been shut down.
Some of the reasons why a router does not progress from the Idle state are:

§ No route to the peer address (BGP will not use a default route to reach a
neighbor).
§ Peer address configured incorrectly on either router.
§ AS number configured incorrectly on either router.

Connect: the router has initiated the TCP handshake and is waiting for it to
complete. If the TCP connection succeeds, an OPEN is sent and the state moves
to OpenSent. If the TCP connection fails, BGP moves to the Active state. Some
reasons for the failure are:

§ TCP port 179 is not open (firewall or ACL in the path).
§ The random TCP port above 1023 used by the initiating side is not open.
§ Peer address configured incorrectly on either router.
§ AS number configured incorrectly on either router.

Active State:

The router was unable to establish a TCP session and keeps retrying. A
neighbor that stays in Active is the classic sign of a reachability or
filtering problem.

Some of the reasons for this include:

TCP port 179 is not open.
A random TCP port over 1023 is not open.
BGP configuration error (wrong peer address, missing ebgp-multihop, wrong
update-source).
Network congestion.
Flapping network interface.

OpenSent: an OPEN message was sent to try to establish the peering and the
router is waiting for the peer's OPEN.

If there is an error it is because one of the fields in the OPEN message does
not match between the peers, e.g. BGP version mismatch, or the peering router
expects a different My AS. (An MD5 password mismatch shows up earlier: the TCP
segments are silently discarded, so the session usually never leaves
Connect/Active.) The router then sends a Notification message to the peer
indicating why the error occurred and returns to Idle.
If there is no error, a Keepalive message is sent, the hold timer is set to
the lower of the two advertised hold times, and the state changes to
OpenConfirm.
OpenConfirm: the router has received a reply to the OPEN message and is
waiting for the first Keepalive.

If a timer expires before a Keepalive message is received, or if an error
condition occurs, the router transitions back to the Idle state.

Established: the routers have a BGP peering session; this is the desired
state. Update messages are exchanged.

If there is any error in an Update message, a Notification message is sent to
the peer and BGP transitions back to the Idle state.
If the hold timer expires before a Keepalive (or Update) message is received,
or if an error condition occurs, the router transitions back to the Idle
state.
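An added simulation (not from the original page) of the state machine above and of the four message types from the earlier section, including the OPEN checks that produce a NOTIFICATION and the hold-time negotiation. TCP results and timer expiries are fed in as named events; ASNs and router IDs are constructed:

```python
"""
Simplified BGP finite state machine (RFC 4271 section 8). Added illustration,
not from the original page. TCP and timer outcomes are events supplied by the
caller; ASNs and router IDs are constructed.
"""
from dataclasses import dataclass, field

IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED = (
    "Idle", "Connect", "Active", "OpenSent", "OpenConfirm", "Established")


@dataclass
class Open:
    """Fields of a BGP OPEN message."""
    version: int
    my_as: int
    hold_time: int
    router_id: str


@dataclass
class Session:
    local_as: int
    remote_as: int                 # from "neighbor X remote-as"
    hold_time: int = 180
    state: str = IDLE
    negotiated_hold: int = 0
    log: list = field(default_factory=list)

    def _notify(self, reason):
        """Send NOTIFICATION, close TCP, drop the peer's routes, go to Idle."""
        self.log.append(f"NOTIFICATION sent: {reason}")
        self.state = IDLE

    def event(self, ev, msg=None):
        s = self.state
        if s == IDLE and ev == "start":                     # neighbor configured / cleared
            self.state = CONNECT                            # TCP SYN to port 179 goes out
        elif s == CONNECT and ev == "tcp_failed":           # filtered, no route, peer not listening
            self.state = ACTIVE
        elif s == ACTIVE and ev == "connect_retry":         # retry timer fired
            self.state = CONNECT
        elif s in (CONNECT, ACTIVE) and ev == "tcp_established":
            self.log.append("OPEN sent")
            self.state = OPEN_SENT
        elif s == OPEN_SENT and ev == "open_received":
            if msg.version != 4:
                self._notify("unsupported version number")
            elif msg.my_as != self.remote_as:
                self._notify("bad peer AS")                 # remote-as mismatch
            elif msg.hold_time != 0 and msg.hold_time < 3:
                self._notify("unacceptable hold time")
            else:
                self.negotiated_hold = min(self.hold_time, msg.hold_time)   # lower value wins
                self.log.append("KEEPALIVE sent")
                self.state = OPEN_CONFIRM
        elif s == OPEN_SENT and ev == "tcp_failed":
            self.state = ACTIVE
        elif s == OPEN_CONFIRM and ev == "keepalive_received":
            self.state = ESTABLISHED
        elif s == ESTABLISHED and ev == "update_error":
            self._notify("UPDATE message error")
        elif ev in ("hold_timer_expired", "notification_received", "stop"):
            if ev == "hold_timer_expired" and s in (OPEN_SENT, OPEN_CONFIRM, ESTABLISHED):
                self.log.append("NOTIFICATION sent: hold timer expired")
            self.state = IDLE                               # any of these is a hard reset
        else:
            self.log.append(f"{ev} ignored in {s}")
        return self.state
```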

Troubleshoot session establishment with:-

debug ip bgp events
debug ip bgp ipv4 unicast
!!! Common causes are: AS number misconfiguration; neighbor address
misconfiguration; a neighbor with no neighbor statement for you; a neighbor
with no route to the source of your router's BGP messages.
sh ip bgp shows networks, next hops, and other path attributes:
* = valid path

> = best (goes into the routing table)

s = suppressed: BGP knows the network but is not advertising it because of
summarization
d = dampened: BGP has stopped advertising a network that flaps

h = history: BGP knows about the network but does not have a valid route to
it (kept as dampening history)
r = RIB failure: the route was advertised to BGP but not installed in the
routing table, e.g. because an IGP has a route with a better AD (sh ip bgp
rib-failure)
S = stale: used with nonstop forwarding to indicate the route is stale and
needs to be refreshed when the peer is re-established.

An "i" in the third column indicates the route was learned from an iBGP
neighbor; a blank means eBGP.
The origin code at the end of the AS path: "i" is IGP, usually entered with
the "network" command; "e" is EGP, which is no longer seen; "?" is
incomplete, usually from redistributing a route into BGP.

Show commands:

sh ip bgp rib-failure: displays routes not put into the routing table and why.
sh ip bgp summary: displays the memory used by the BGP databases, activity
stats, and neighbors.

sh ip bgp neighbors (IP): displays neighbor details.
sh ip bgp neighbors (IP) (received-routes | routes | advertised-routes):
lets you monitor the routes received (before inbound policy, which requires
soft-reconfiguration inbound, or after it) and advertised.

Manipulating Best path selection

############################
Outbound routing policy affects inbound traffic
Inbound routing policy affects outbound traffic
Weight and local pref
-> set inbound
-> affect outbound traffic
AS-path and MED
-> set outbound
-> affect inbound traffic

❖ Set weight with an inbound route-map (set weight), or per neighbor:

router) neighbor [IP] weight [#] !!! Requires a reset of the session to take
effect.

❖ Local preference: set under router bgp. 100 is the default. Tells iBGP
peers which path to select for traffic leaving the AS.
router) bgp default local-preference [#]
Can also use a route-map to set it per network:
router) neighbor [IP] route-map (NAME) [in/out]

❖ Multi-Exit Discriminator (MED): the metric. Suggests to a neighboring AS
which of multiple entry points to use for traffic bound to your AS. Lower is
better. Set the MED with a route-map (set metric) or for all routes with:
router) default-metric [#]

❖ AS_PATH prepending: the routing policy of purposefully adding one or more
ASNs (normally your own, repeated) to the beginning of a route's AS_PATH
attribute to lengthen the AS_PATH and make the route less desirable in the
BGP decision process. Only prepend your own ASN: prepending another AS's
number makes that AS discard the route as a loop.

Create a prefix-list (or ACL) and a matching route-map, then apply it
outbound to the neighbor whose inbound traffic you want to discourage:

route-map) set as-path prepend [ASN 1] (ASN 2)
router) neighbor (IP) route-map (NAME) out
To enable BGP to load balance over more than one path (the maximum is
platform dependent):
router) maximum-paths (#)
Control which routes are given out and their attributes with route maps
and/or prefix lists:
router) neighbor [IP] (prefix-list | route-map | distribute-list) (NAME)
in/out

❖ When attributes are changed, BGP must be cleared to apply them.

router) clear ip bgp *
router) clear ip bgp * soft (in/out)

❖ BGP authentication uses the TCP MD5 signature option (RFC 2385) with a
shared password; it protects the session against spoofed TCP segments such
as injected RSTs. Most ISPs require it:
router) neighbor [IP] password (password)
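An added model (not from the original page) of the decision process listed earlier together with the knobs of this section: the AS_PATH loop check applied on receipt, weight and local preference set inbound to steer outbound traffic, and prepending applied on export to steer inbound traffic. ASNs, prefixes and next hops are constructed; MED is compared across all paths here, which corresponds to bgp always-compare-med rather than the IOS default:

```python
"""
BGP best-path selection with the policy knobs that influence it. Added model,
not from the original page; ASNs, prefixes and next hops are constructed.
MED is compared between all candidates (bgp always-compare-med behaviour).
"""
from dataclasses import dataclass, field

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}                 # IGP < EGP < incomplete


@dataclass
class Path:
    prefix: str
    next_hop: str
    as_path: list
    origin: str = "i"
    med: int = 0
    local_pref: int = 100
    weight: int = 0
    from_ebgp: bool = True
    locally_originated: bool = False
    igp_metric: int = 0
    received_order: int = 0                             # lower = older
    router_id: str = "0.0.0.0"
    neighbor_ip: str = "0.0.0.0"
    cluster_list: list = field(default_factory=list)


def _ip_key(addr):
    return tuple(int(o) for o in addr.split("."))


def receive(local_as, path):
    """AS_PATH loop prevention: a path that already carries our ASN is discarded."""
    return None if local_as in path.as_path else path


def export(local_as, path, prepend=0):
    """eBGP export prepends our ASN once; each extra copy lengthens the AS_PATH
    the neighbor sees (step 4) and makes this entry point less attractive."""
    return Path(path.prefix, path.next_hop, [local_as] * (1 + prepend) + list(path.as_path),
                path.origin, path.med)


def best_path(paths, reachable_next_hops):
    """Rank candidates by the decision steps; the smallest key wins."""
    cands = [p for p in paths if p.next_hop in reachable_next_hops]    # step 0
    if not cands:
        return None
    return min(cands, key=lambda p: (
        -p.weight,                                      # 1 highest weight
        -p.local_pref,                                  # 2 highest local preference
        0 if p.locally_originated else 1,               # 3 locally originated
        len(p.as_path),                                 # 4 shortest AS_PATH
        ORIGIN_RANK[p.origin],                          # 5 lowest origin
        p.med,                                          # 6 lowest MED
        0 if p.from_ebgp else 1,                        # 7 eBGP over iBGP
        p.igp_metric,                                   # 8 lowest IGP metric to next hop
        p.received_order if p.from_ebgp else 0,         # 10 oldest eBGP path
        _ip_key(p.router_id),                           # 11 lowest router ID
        len(p.cluster_list),                            # 12 shortest cluster list
        _ip_key(p.neighbor_ip),                         # 13 lowest neighbor address
    ))


def demo():
    """AS 64500 hears 198.51.100.0/24 from ISP A (AS 64501, 10.1.1.1) and
    ISP B (AS 64502, 10.2.2.2) and originates 203.0.113.0/24 itself."""
    reachable = {"10.1.1.1", "10.2.2.2"}
    via_a = Path("198.51.100.0/24", "10.1.1.1", [64501, 64510], neighbor_ip="10.1.1.1")
    via_b = Path("198.51.100.0/24", "10.2.2.2", [64502, 64510], neighbor_ip="10.2.2.2")
    tie = best_path([via_a, via_b], reachable).next_hop         # equal until step 13
    via_b.local_pref = 200                                       # inbound route-map on the ISP B session
    steered = best_path([via_a, via_b], reachable).next_hop     # outbound traffic now leaves via B
    own = Path("203.0.113.0/24", "0.0.0.0", [], locally_originated=True)
    announced = export(64500, own, prepend=2).as_path            # outbound to ISP B: longer path
    return tie, steered, announced
```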

BGP Filtering
###########
Route Filtering Tools
•Prefix lists:
  •Used for prefix-based filtering or matching of routes.
  •In a route-map, can be used to match on the prefix, the route source, or
  the next-hop address.
•AS path access lists:
  •Used in BGP for filtering or route matching based on the BGP AS_PATH
  attribute, using regular expressions.
•Route maps:
  •Primarily used to implement complex routing policies.
  •Can also be used as a powerful filtering tool.

BGP update filtering occurs on a per-peer basis with:

-neighbor [address] distribute-list
-neighbor [address] filter-list
-neighbor [address] prefix-list
-neighbor [address] route-map

Using a single route-map per peer avoids order-of-operations issues between
the separate filter types.

Some More:

The relationship between route maps and prefix lists (and access lists) has
two fundamental properties:
Similarly, when working with route maps for the same purpose, the
following rules apply:

#####################

What is the difference between the hard reset and soft reset in BGP?

In case of hard reset the local router brings down the neighborship, brings down the underlying
TCP connection and all the BGP table entries learned from that neighbor are removed. #clear ip
bgp * command is used for hard reset.

In case of a soft reset, the router does not bring down the BGP neighborship or the underlying
TCP connection. However, the local router resends outgoing Updates and reprocesses incoming
Updates adjusting the BGP table based on the current configuration. #clear ip bgp * soft command
is used for soft reset.

BGP Convergence
################

Defaults
keepalive: 60 seconds
holdtime: 180 seconds
Keepalive and hold timers
-the lower hold time of the two peers is negotiated during peering
establishment (the keepalive is then derived from it)
-timers bgp [keepalive] [holdtime]
-neighbor [IP] timers [keepalive] [holdtime]

Link down detection

-bgp fast-external-fallover (resets an eBGP session immediately when the
directly connected link goes down instead of waiting for the hold timer)

Update timers
-neighbor advertisement-interval
-bgp nexthop {trigger {delay seconds | enable} | route-map map-name}
-bgp scan-time
-bgp update-delay

BGP : FOUR MAIN STEPS TO UNDERSTAND SETUP

==================
Step 1 : Check details of the BGP neighborship
CE1#sh ip bgp sum

Step 2 : Check details of BGP received routes (and the inbound policy applied
to them)

CE1# sh running-config | i neigh
neighbor 192.20.180.127 ebgp-multihop 4
neighbor 192.20.180.127 prefix-list isp-route in

Step 3 : Check details of BGP advertised routes

CE1#sh running-config | sec bgp
redistribute bgp 64251 metric 6000 1000 255 255 1500 route-map DC-Route
router bgp 64251
bgp log-neighbor-changes
network 10.101.111.96 mask 255.255.255.255
network 10.126.0.0 mask 255.255.255.0
(the first line is the IGP's redistribute statement, picked up by the
section filter)

Step 4 : Check details of redistribution, BGP to IGP or IGP to BGP
CE1# sh running-config | i redis

BGP order of preference.

When more than one filter type is applied to the same neighbor, a route must
pass all of them; they are evaluated in this order:

a) For inbound updates the order of preference is:

1. route-map
2. filter-list
3. prefix-list or distribute-list (mutually exclusive)

b) For outbound updates the order of preference is:

1. prefix-list or distribute-list (mutually exclusive)
2. filter-list
3. route-map
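The per-peer filters (prefix-list with ge/le, as-path access-list, route-map) evaluated in the inbound and outbound order given above, as an added Python illustration that is not part of the original page. List names, the peer policy and the sample routes are constructed:

```python
"""
Per-peer BGP filters evaluated in IOS order. Added illustration, not from the
original page; list names, policy and sample routes are constructed.
"""
import re
from ipaddress import ip_network


def prefix_list_permits(entries, prefix):
    """entries: ordered (action, network, ge, le); implicit deny at the end.
    Without ge/le the length must match exactly; "ge" alone allows up to /32."""
    net = ip_network(prefix)
    for action, entry, ge, le in entries:
        base = ip_network(entry)
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False


def as_path_permits(entries, as_path):
    """entries: ordered (action, ios_regex). In IOS "_" matches the start or
    end of the path or any separator, so "_65001_" means AS 65001 anywhere."""
    text = " ".join(str(asn) for asn in as_path)
    for action, pattern in entries:
        if re.search(pattern.replace("_", r"(?:^|$|[ ,{}()])"), text):
            return action == "permit"
    return False


def route_map_permits(clauses, lists, route):
    """clauses: ordered (action, {"prefix_list": name, "as_path": name});
    every match in a clause must succeed; implicit deny at the end."""
    for action, match in clauses:
        ok = True
        if "prefix_list" in match:
            ok = ok and prefix_list_permits(lists["prefix"][match["prefix_list"]], route["prefix"])
        if "as_path" in match:
            ok = ok and as_path_permits(lists["as_path"][match["as_path"]], route["as_path"])
        if ok:
            return action == "permit"
    return False


def apply_filters(direction, route, policy, lists):
    """Evaluate whichever of route_map / filter_list / prefix_list the peer has,
    in IOS order, and report the first stage that denied the route."""
    order = (["route_map", "filter_list", "prefix_list"] if direction == "in"
             else ["prefix_list", "filter_list", "route_map"])
    checks = {
        "route_map": lambda: route_map_permits(lists["route_map"][policy["route_map"]], lists, route),
        "filter_list": lambda: as_path_permits(lists["as_path"][policy["filter_list"]], route["as_path"]),
        "prefix_list": lambda: prefix_list_permits(lists["prefix"][policy["prefix_list"]], route["prefix"]),
    }
    for stage in order:
        if stage in policy and not checks[stage]():
            return False, stage
    return True, None


# Constructed policy: no default route, no 10/8 space, nothing longer than /24,
# no private ASNs (64512-65534) in the path, only routes that entered via AS 64501.
LISTS = {
    "prefix": {"ISP-IN": [("deny", "0.0.0.0/0", None, None),
                          ("deny", "10.0.0.0/8", 8, 32),
                          ("permit", "0.0.0.0/0", 8, 24)]},
    "as_path": {"NO-PRIVATE": [("deny", r"_(6451[2-9]|645[2-9][0-9]|64[6-9][0-9][0-9]|65[0-9][0-9][0-9])_"),
                               ("permit", r".*")],
                "FROM-UPSTREAM": [("permit", r"^64501_")]},
    "route_map": {"ISP-IN-MAP": [("permit", {"as_path": "NO-PRIVATE"})]},
}
PEER_POLICY = {"route_map": "ISP-IN-MAP", "filter_list": "FROM-UPSTREAM", "prefix_list": "ISP-IN"}
```

A route that two filters would both deny is reported against a different stage inbound and outbound; that is the practical effect of the order of preference, and it tells you which counter or debug to look at first.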

Route dampening
Route dampening is a feature that reduces the propagation of flapping routes in
the Internet. Route flapping occurs when IP routes are repeatedly removed from
and put back into a routing table, because of a physical layer failure,
routing protocol failure, router node failure, and so on. Route dampening
applies to routes learned from eBGP neighbors only.
First, the routes to be "observed" must be identified using an access-list or
prefix-list:
Router(config)# ip prefix-list MYLIST seq 10 permit 10.1.0.0/16
Router(config)# ip prefix-list MYLIST seq 20 permit 10.2.0.0/16
Next, the dampening values must be configured using a route-map:
Router(config)# route-map MYMAP permit 10
Router(config-route-map)# match ip address prefix-list MYLIST
Router(config-route-map)# set dampening 15 750 2000 60
The four values are the half-life in minutes (15), the reuse limit (750), the
suppress limit (2000) and the maximum suppress time in minutes (60). Each flap
adds a penalty of 1000; the penalty halves every half-life, the route is
suppressed once the penalty exceeds the suppress limit and is re-advertised
when it decays below the reuse limit. The route-map is then activated with the
bgp dampening command under the BGP process.
#show ip bgp dampened-paths
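The arithmetic behind set dampening 15 750 2000 60, as an added worked example that is not from the original page. Flap times are constructed; the 1000-point penalty per flap is the IOS convention:

```python
"""
Route-dampening penalty arithmetic for "set dampening 15 750 2000 60".
Added worked example, not from the original page; flap times are constructed.
"""
import math

FLAP_PENALTY = 1000          # IOS adds this per flap


def decay(penalty, minutes, half_life):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 0.5 ** (minutes / half_life)


def max_penalty(reuse, max_suppress, half_life):
    """Ceiling implied by max-suppress: the penalty that takes exactly
    max_suppress minutes to decay back down to the reuse limit."""
    return reuse * 2 ** (max_suppress / half_life)


def minutes_until_reuse(penalty, reuse, half_life):
    """Decay time from the current penalty to the reuse limit."""
    if penalty <= reuse:
        return 0.0
    return half_life * math.log2(penalty / reuse)


def simulate(flap_times, half_life=15, reuse=750, suppress=2000, max_suppress=60):
    """Replay flaps (minutes since the first) and return
    ([(time, penalty, suppressed)], minutes after the last flap until reuse)."""
    cap = max_penalty(reuse, max_suppress, half_life)
    penalty, last, suppressed, timeline = 0.0, 0.0, False, []
    for t in sorted(flap_times):
        decayed = decay(penalty, t - last, half_life)
        if suppressed and decayed < reuse:           # fell below reuse: re-advertised
            suppressed = False
        penalty = min(decayed + FLAP_PENALTY, cap)
        last = t
        if penalty > suppress:                       # crossed the suppress limit: withdrawn
            suppressed = True
        timeline.append((t, round(penalty), suppressed))
    return timeline, minutes_until_reuse(penalty, reuse, half_life)
```

Three flaps within two minutes push the penalty to about 2867, above the 2000 suppress limit, after which roughly 29 minutes of decay are needed to fall below 750; the 60-minute maximum suppress time caps the penalty at 750 * 2^(60/15) = 12000.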

BGP Backdoor:-
eBGP has an administrative distance of 20; however, you may want to choose
routes from your IGP (OSPF, EIGRP etc.) over eBGP. You can do this with the
backdoor keyword, which raises the AD of the eBGP-learned route to 200 (the
same as iBGP) without advertising the network into BGP. For example, if you
want 172.0.0.0/8 learned via eBGP to be installed with an AD of 200:
router bgp 7500
network 172.0.0.0 mask 255.0.0.0 backdoor

More Advanced BGP Features:

What is BGP ORF (Outbound Route Filtering)?

Outbound Route Filtering (ORF), standardised in RFC 5291/5292, prevents the
unnecessary exchange of routes that would be dropped by the receiver's inbound
filter anyway. This minimizes bandwidth across the links and reduces CPU
cycles on the router during the processing of the neighbor's UPDATEs.

ORF works by the router transmitting its inbound prefix-list to its neighbor
(the capability is negotiated in the OPEN), which the neighboring router then
applies outbound.

BGP Dynamic Neighbors

> The BGP dynamic neighbor feature allows the router to form neighbor
relationships with other routers without a neighbor statement for each one.
--> To create dynamic neighbors, use the bgp listen range command and give
the IP address range.

--> Whenever a connection request arrives on TCP port 179 from an address in
the range, a neighbor is created automatically. Keep the range as tight as
possible and combine it with a password (and TTL security), because otherwise
any host in the range can open a session.

Configuration
router bgp 65001
 neighbor IBGP peer-group
 neighbor IBGP remote-as 65001
 neighbor IBGP update-source Loopback0
 bgp listen range 10.0.0.0/8 peer-group IBGP

BGP Prefix Independent Convergence


When failures are detected, the BGP process responds in the following manner:

The failed routes are withdrawn from the BGP table, the RIB, and the FIB.
Update messages are sent to the neighbors to withdraw the failed routes.
The best-path algorithm is run to choose new best paths.
The new best paths are installed in the BGP table, RIB, and FIB.
The new best paths are announced via Update messages to the BGP neighbors.
Therefore, BGP convergence primarily depends on the speed at which the router
runs the best-path algorithm to find an alternative path to the destination.
This, in turn, depends on the size of the BGP table, in other words the number
of prefixes in the table.

Because the bottleneck in the convergence of BGP is the number of prefixes in
the BGP table, to speed up convergence this dependency needs to be eliminated,
and this is exactly what the BGP Prefix Independent Convergence (PIC) feature
does.

This is how it works: where more than one path to a prefix exists, when BGP
runs the best-path algorithm it finds not only the best path but also the
second-best path and installs both in the BGP, RIB and CEF tables. When a
failure of the primary path is detected, the backup/alternative path
immediately replaces the primary path in all three tables without any BGP
table walk or rerun of the best-path algorithm. This is conceptually similar
to the EIGRP feasible successor. The dependency on the size of the BGP table
is eliminated, and BGP convergence is dramatically improved. BGP PIC is
essentially a data-plane feature that operates at the RIB and CEF level.

The BGP PIC feature is enabled using the command bgp additional-paths install
under the BGP address-family configuration mode.

R1(config)# router bgp 100


R1(config-router)# address-family ipv4 unicast
R1(config-router-af)# bgp additional-paths install
R1(config-router-af)# exit

BGP Conditional Route Injection & Advertisement

The BGP conditional route injection feature allows the creation of
more-specific prefixes when an aggregate exists. These prefixes are injected
into the local BGP table to provide more specific routing information in the
local AS than the aggregated route. This can be used to optimize the exit
points of the local AS.
The BGP conditional advertisement feature provides additional control of route
advertisement, depending on the existence of other prefixes in the BGP table.
This can be useful for a multihomed AS that wants to use one (expensive) ISP
peering only if the other one is down.

Comments
For conditional route injection you must use prefix-lists, NOT ACLs.
You can only originate more-specific subnets of an existing aggregate prefix.

BGP Security
These are the most common BGP threats:

•BGP routing table manipulation

•BGP route spoofing

•BGP DoS

BGP Countermeasures Overview

• BGP route spoofing can be prevented using filtering based on prefixes and
AS path (prefix-lists and as-path access-lists), with maximum-prefix as a
safety net against a peer leaking a full table.
BGP Security

•IOS/IOS-XE

router bgp 65000
 neighbor 192.168.100.1 password C1sc0
 neighbor 192.168.100.1 ttl-security hops 1
 address-family ipv4
  neighbor 192.168.100.1 maximum-prefix 1000

TTL Security:

•With IOS/IOS-XE the hops value is how many hops away the neighbor can be
(the acceptable TTL is from 255 down to 255 minus the number of hops); the
router also sends its own BGP packets with a TTL of 255.
•With IOS-XR, only 255 is an acceptable TTL value.

•BGP neighbors can be authenticated before a session is established:

•The TCP MD5 signature option (RFC 2385) is used; a segment with a missing or
wrong signature is discarded.
•Cisco IOS-XR supports HMAC-SHA1 with key chains.
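An added illustration (not from the original page) of the controls above: the TTL-security acceptance test, the TCP MD5 signature option (RFC 2385) enabled by neighbor ... password, and the maximum-prefix guard. Addresses, ports, key and payload are constructed:

```python
"""
TTL security, TCP MD5 signature (RFC 2385) and maximum-prefix checks.
Added illustration, not from the original page; addresses, ports, key and
payload are constructed.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address


def ttl_acceptable(ttl, hops, ios_xr=False):
    """IOS/IOS-XE accept 255-hops .. 255; IOS-XR accepts 255 only. A segment
    injected from further away arrives with a TTL below that and is dropped."""
    if ios_xr:
        return ttl == 255
    return 255 - hops <= ttl <= 255


def tcp_md5_signature(src, dst, fixed_hdr, options, payload, key):
    """RFC 2385 section 2: MD5 over the TCP pseudo-header, the fixed TCP
    header with its checksum zeroed (options excluded but counted in the
    segment length), the data, and finally the shared key."""
    seg_len = len(fixed_hdr) + len(options) + len(payload)
    pseudo = (IPv4Address(src).packed + IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 6, seg_len))
    zeroed = fixed_hdr[:16] + b"\x00\x00" + fixed_hdr[18:]
    return hashlib.md5(pseudo + zeroed + payload + key).digest()


def md5_option(digest):
    """TCP option kind 19, length 18 (the option an ASA strips by default)."""
    return bytes([19, 18]) + digest


def build_signed_segment(src, dst, sport, dport, seq, payload, key):
    """Sender side: 20-byte fixed header + 2 NOPs + option 19 = 40-byte header."""
    data_offset = (20 + 20) // 4
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, 1,
                        data_offset << 4, 0x18, 65535, 0, 0)        # PSH+ACK, checksum 0
    placeholder = b"\x01\x01" + md5_option(b"\x00" * 16)           # only its length matters
    digest = tcp_md5_signature(src, dst, fixed, placeholder, payload, key)
    return fixed, b"\x01\x01" + md5_option(digest)


def verify_segment(src, dst, fixed_hdr, options, payload, key):
    """Receiver side: find option 19 and compare digests in constant time.
    No option, or a digest computed with another key, means a silent drop."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                                  # end of option list
            break
        if kind == 1:                                  # NOP
            i += 1
            continue
        length = options[i + 1]
        if kind == 19 and length == 18:
            expected = tcp_md5_signature(src, dst, fixed_hdr, options, payload, key)
            return hmac.compare_digest(options[i + 2:i + 18], expected)
        i += length
    return False


def prefix_limit_state(received, limit, warn_pct=75):
    """neighbor ... maximum-prefix: log at warn_pct % (IOS default 75),
    tear the session down once the limit is exceeded."""
    if received > limit:
        return "shutdown"
    if received * 100 >= limit * warn_pct:
        return "warning"
    return "ok"
```

Because the signature covers the TCP sequence number, a middlebox that randomises sequence numbers (as the ASA does by default) invalidates every segment, and one that strips option 19 leaves the receiver nothing to verify; both typically show up as a session that never gets past Connect/Active.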

Dynamic Layer 3 VPN with mGRE

•Dynamic L3 VPNs with mGRE Tunnels feature provides an L3 transport

•L3 tunneling transport can also be used within IP networks to transport VPN traffic across another
IPv4 network

•Currently not available on IOS-XR

BGP Policy Accounting

Border Gateway Protocol (BGP) policy accounting measures and classifies IP
traffic that is sent to, or received from, different peers.
IOS/IOS-XE

ip as-path access-list 1 permit _1234$
!
route-map BGPAccounting permit 10
 match as-path 1
 set traffic-index 1
!
router bgp 65000
 table-map BGPAccounting
!
interface gigabitethernet0/0
 bgp-policy accounting

BGP Flowspec
•Flowspec specifies procedures for the distribution of flow specification
rules via BGP and defines how to encode flow specification rules as BGP
Network Layer Reachability Information (NLRI), which can be used by any
application.

•The BGP flow specification (flowspec) feature allows you to rapidly deploy
and propagate filtering and policing functionality among a large number of
BGP peer routers to mitigate the effects of a distributed denial-of-service
(DDoS) attack on your network.

•In the Cisco IOS 15.5(S) release, BGP flow specification is supported only on
a BGP flow specification client and route reflector.

•ASR9000 can be the flow specification controller

BGP Troubleshooting.
Problem: the BGP peering is not getting established between routers.
Cause:
1) Peer IP address is not reachable.
2) Port 179 is blocked by a firewall or access-list.
3) BGP configuration is not correct: wrong peer address, local-as or
remote-as, wrong AS number, wrong authentication/MD5 password, or wrong
update-source loopback.
4) Static route is missing for the loopback address end to end.

5) TTL=1 for an eBGP neighbor that is not directly connected; ebgp-multihop
is not configured.

6) MD5 authentication has a trailing "space" in the password.
7) Duplicate router-id between BGP neighbors.
Debugging commands:
debug ip bgp
debug ip tcp transactions
debug ip bgp events

Solution:
a) Ensure the BGP local and remote AS configuration is correct.
b) The MD5 authentication password is correct on both sides, without spaces.
c) Verify update-source loopback and ebgp-multihop.
d) Port 179 is allowed in the path at both ends via access-list. Ensure the
firewall is not blocking it.

Problem : BGP neighborship is flapping and getting reset.

Cause:
1. Keepalive/hold timer mismatch.
2. MTU mismatch.
3. Keepalives are stuck in the OutQ behind update packets.
4. Remote router rebooting continually (typical with a 3-5 minute BGP peering
cycle time).
5. Remote router BGP process unstable, restarting.
6. Traffic shaping and rate limiting parameters.
7. MTU incorrectly set on links, PMTU discovery disabled on the router.
8. Output drops on the interface or congestion on the queue.
9. High CPU on the router or CPU spikes on the router.

Solution :
a) Make sure you have the same keepalive/hold timers on both routers.
b) Make sure you have the same MTU and can ping with a 1500-byte packet with
the DF bit set.
c) If the MTU mismatch cannot be fixed, use path MTU discovery to overcome it.

Tip: BGP UPDATE packets are packed to the size of the MTU; KEEPALIVE and OPEN
packets are not. So a session that comes up but drops as soon as routes are
exchanged points to a path MTU problem.
Problem : Router is not installing routes in RIB and ignoring.

Cause :
1. Paths that are marked as not synchronized in the show ip bgp longer-
prefixes output
2. Paths for which the NEXT_HOP is inaccessible
3. Paths from an external BGP (eBGP) neighbor if the local autonomous system
(AS) appears in the AS_PATH
4. If you enabled bgp enforce-first-as and the UPDATE does not contain the
AS of the neighbor as the first AS number in the AS_SEQUENCE
5. Paths that are marked as (received-only) in the show ip bgp longer-
prefixes output

Solution:
a) Be sure that there is an Interior Gateway Protocol (IGP) route to the
NEXT_HOP that is associated with the path.

Problem : Router is not installing routes in the BGP table.

Cause:
1. No route in the global routing table for the network command configured
in BGP.
2. No matching route in the BGP table for the aggregate-address command
configured in BGP.
3. Same router-ID as the ORIGINATOR_ID in routes coming from a route
reflector.
4. Same cluster-ID in the CLUSTER_LIST of routes coming from a route
reflector in the same cluster.
Sol: Always remember to have a valid next hop in BGP. Next hops are modified
over eBGP peerings but not over iBGP. To resolve this kind of problem either
redistribute the connected interface to the external peer into the IGP or
use next-hop-self on iBGP peerings. A route-map can also be used to achieve
the same thing.

Problem : Router is not advertising route to another BGP peer.


Cause :
1. No matching route in routing table.
2. Filter is discarding route.
Solution :

Problem : Peering changes.


Cause :
Solution:

Problem :Route flapping.


Cause :
Solution:

Problem : Route hijacking.


Cause :
Solution:

Problem : DDoS mitigation


Cause :
Solution:

Troubleshooting BGP Peering Issues:-

Preliminary Checks
Verify Configuration
• Peering IP address
• AS number
• MD5 authentication (optional)
• ebgp-multihop hop-count (eBGP only)

Verify Reachability
ping remote-ip source source-ip
If reachability issues are found:
• Use traceroute to verify where the trace is dropping
• BGP will not use the default route to reach a neighbor!

disable-connected-check
• For eBGP peers, BGP takes two special precautions
  • Uses a TTL of 1
  • Verifies that the next hop is on a directly attached network
• For eBGP peers more than 1 hop away, a larger TTL must be used
  (ebgp-multihop); this automatically disables the connected check
• For eBGP peers 1 hop away, use neighbor disable-connected-check; ideal for
  peering with directly connected neighbors through their loopbacks

ACLs or a firewall blocking the session
• Verify any firewall / ACLs in the path for TCP port 179
• If using an ASA as the firewall, make sure BGP pass-through is configured
• ASA / PIX offsets TCP sequence numbers with a random number for every TCP
  session, which causes MD5 authentication to fail (the signature covers the
  sequence number)
• ASA strips off TCP option 19 (the MD5 signature option) unless told not to

Problem with the TCP process

Stable BGP peers going into Idle state
• BGP peering has been up for months, but all of a sudden the BGP session
  goes down and never comes back up

Notifications: Hold Time Expired

### #########################################

Stale Routes
Symptoms and Possible Causes
Symptoms
• Stale Entry to BGP Peer
• Traffic Black-Hole
• Outage

Possible Causes

• BGP Slow Peer


• Sender did not send the update
• Receiver did not process the update

How to Troubleshoot?
• On IOS, it is difficult to get to the root cause after the problem has occurred
• Enable conditional debugs and wait for the issue to happen again
• Reproduce the problem in a lab environment (hard but not impossible)
• On IOS XR, use show bgp trace and BGP debugs to understand if the
advertisement has been sent/received
• On NX-OS, use show bgp internal event-history { events | errors } to figure
out if the prefix has been received / advertised
##################################
Route Churn

Symptom - High CPU?

Define "High"
• Know what normal CPU utilization is for the router in question
• Is the CPU spiking due to "BGP Scanner" or is it constant?

High CPU due to BGP Router

• How to identify route churn?
• Do sh ip bgp summary and note the table version
• Wait 60 seconds
• Do sh ip bgp summary and compare the table version from 60 seconds ago
• You have 150K routes and see the table version increase by 300
  • This is probably normal route churn
  • Know how many bestpath changes you normally see per minute
• You have 150K routes and see the table version fluctuating by 20K - 50K
  • This is bad and is the likely cause of your high CPU
Other important commands:

sh ip bgp neighbors <neighbor ip> advertised-routes
sh ip bgp neighbors <neighbor ip> received-routes
show ip bgp neighbors (address)   Displays detailed neighbor information
show ip bgp                        Displays the routes in the BGP table
show tcp brief                     Displays the state of the TCP connections
debug ip tcp transactions          Displays all TCP transactions
debug ip bgp events                Displays significant BGP events
debug ip bgp keepalives            Displays BGP keepalive packets
debug ip bgp updates               Displays incoming or outgoing BGP updates
debug ip bgp updates acl           Displays incoming and outgoing updates that
                                   match an ACL

Some Scenarios: -

• Troubleshooting BGP neighbor relationships
• Troubleshooting BGP route advertisement/origination and receiving
• Troubleshooting a BGP route not installing in the routing table
• Troubleshooting BGP when route reflectors are used
• Troubleshooting outbound traffic flow issues because of BGP policies
• Troubleshooting load-balancing scenarios in small BGP networks
• Troubleshooting inbound traffic flow issues because of BGP policies
• Troubleshooting BGP best-path calculation issues
• Troubleshooting BGP filtering


MindMAP:-

Happy Reading…
Follow me for more updates: https://www.linkedin.com/in/rakesh-sa-b2b664167

Thanks
Rakesh
