 Border Gateway Protocol

 EGP Protocol
 Path Vector Routing protocol that selects the best path by considering various path attributes
 Layer 7 protocol
 Complete reliable protocol, uses TCP on Layer 4 and acknowledges all the messages
 Uses TCP Port # 179
 By default Max path is 1 and load balancing is disabled
 Classless Routing protocol means prefixes are sent along with subnets
 By default, auto-summary is disabled
 Supports manual summarization
 Supports only Static Neighborship, does not support Dynamic Neighborship
 TCP 3 Way Handshake is done first with the neighbor as soon as the BGP is configured on both
routers
 AD Value 20 for EBGP and 200 for IBGP

TCP Handshake

1st msg with syn bit ON with a seq no, src port no random, dest port no 179 (bgp)

2nd msg with syn bit and ack bit ON with the same seq no, src port no 179, dest port no random as
before

3rd msg with only ack bit ON with the same seq no, src port random, dest port 179

TCB (Transmission Control Block) is the database of TCP.

Types of Messages

 Open
This message is used to initiate a BGP session between two BGP routers. It contains information
such as the AS number and BGP version number.

Establishes neighborship. Type Code = 1.

CONTENTS: type code, version, own AS, hold down timer, router id

 Keep Alive
This message is sent periodically to maintain the BGP session between two routers. It contains
no new information, but it indicates that the connection is still active.

Type Code 4. Sent after every 60 sec whereas Neighbor hold down timer is 180 sec

 Update Message
This message is used to communicate changes to the BGP routing table, such as the availability
of a new path or the withdrawal of an existing path.
Database is shared with the neighbors in this message.
Type Code = 2
CONTECTS: NLRI (Network Layer Reachability Information) or Prefix Information & Path
Attributes
  Notification Message
This message is sent when there is an error or problem with the BGP session. It can be used to
notify the other router that the session is being terminated. Type code = 3.
 Route Refresh Message
It is used to request a refresh of the BGP routing table. This allows a BGP peer to receive
updates to the routing table without having to tear down and reestablish the BGP session. Type
code 5.

Neighborship States

Idle state: In this state, the BGP process is not running, or it has not yet established a TCP connection
with the peer router.

Connect state: In this state, the BGP router has initiated a TCP connection to the peer router and is
waiting for the TCP three-way handshake to complete.

Active state: In this state, the BGP router has not received a response to its TCP connection request, and
it is retransmitting the request.

OpenSent state: In this state, the BGP router has received a response to its TCP connection request and
has sent an open message to the peer router.

OpenConfirm state: In this state, the BGP router has received an open message from the peer router
and has sent a keepalive message to confirm the session.

Established state: In this state, the BGP router has received a keepalive message from the peer router
and the session is established. The routers can now exchange BGP updates.

Path Attributes

Well-known

Mandatory

Next Hop

AS Path

Origin Code

Discretionary

Local Preference

Atomic Aggregate

Optional

Transitive

Aggregator

Community
 Non-transitive

MED

Originator ID

Cluster List

With neighbor details, there are 2 signs with the prefixes:

* means VALID

> means BEST

A prefix must be BEST for it to installed in the BGP Table.

Next Hop Rule:

Next hop for self-advertised prefix is shown as 0.0.0.0

Whenever router shares prefix with EBGP neighbor, it'll change next hop address as its own interface
address which is advertised in BGP.

However, whenever router shares prefix with IBGP neighbor, it'll NOT change it's next hop address. In
this case, the prefix will be unreachable because of unreachable next hop and though the route will be
valid, it will not be best and hence will not be installed in the BGP table.

However, when next hop address is 0.0.0.0 (for self-advertised prefix case), next hop will always be
changed whether it's the case of IBGP or EBGP.

Next-hop-self-command will only be run on EDGE ROUTERS.

Loop Avoid Mechanism

IBGP

Whenever a router receives a prefix from its IBGP neighbor, it'll not advertise that prefix further to any
other IBGP neighbor.

EBGP

Whenever router sends a prefix to its EBGP neighbor, it adds its AS no along with the previous AS no in
update msg. Now, when the router will receive any update msg with its own AS no added in it, it will
discard the msg.

Router will not send AS# to its IBGP neighbor.

Indirect Neighborship

Static or any EGP routing protocol can be used to make the two neighbors pingable. Default route is not
considered.

Indirect neighborship will be formed on loopback IPs in case of redundant paths.

EIGRP sends a TTL value = 1 with each msg to its neighbor and it gets decremented to 0 when it reaches
its neighbor, that's why indirect neighborship isn't possible in EIGRP.

BGP sends a TTL value = 255 with each msg to its IBGP neighbor and it doesn't get decremented to 0
when it reaches its first neighbor, that's why indirect neighborship is possible in BGP.

BGP sends a TTL value = 1 with each msg to its EBGP neighbor and it gets decremented to 0 when it
reaches its first neighbor, however the TTL value can be changed in BGP and that's why indirect
neighborship is possible in EBGP. If TTL value is changed then there is no need for the command to
uncheck the directly connected rule of EBGP.

Rib failure is written with a route which is best in BGP but is being considered from other IGP protocol
due to less AD value.

Best Path Selection Criteria

1. Next Hop Reachability

The path that is directly connected and reachable will the preferred.
2. Weight
It is CISCO proprietary and is not part of Path Attribute. It has local significance and by default
weight has value of 32768 for self-advertised prefixes. Weight is equal to 0 for received prefixes.
Higher weight will always be preferred.
3. Local Preference
Local preference is a part of path attribute when prefix is being advertised towards IBGP
neighbor only. Default value is 100. Higher Local Preference will always be preferred.
4. Self-Advertised
Next preference is of self-advertised prefix.
5. AS Path
Less number of AS paths will become best path. Max no of AS is 64.
6. Origin Code
i = BGP Prefix
E = EGP Prefix (Routing protocol before BGP was developed)
? = Redistributed Prefix
i>E>?
7. MED
MED (Multi-Exit Discriminator) or simply Metric is metric shared by IGP Protocol when it is
redistributed into BGP. Lower MED is preferred.
8. External > Internal
External BGP Prefixes are preferred over Internal BGP Prefixes due to AD value of EBGP being 20
and IBGP being 20.
9. IGP Cost of Reach Next Hop
Metric from IGP Protocol. Lower cost is preferred.
10. Lower Neighbor Router ID (Only for IBGP)
For IBGP neighborship, neighbor with lower router ID is preferred.
11. Oldest Path (Only for EBGP)
For EBGP neighborship, path that is first advertised in BGP is preferred.
12. Lower Neighbor IP Address
 Finally, neighbor that has the lower IP Address is preferred.

Path Manipulation

For Outgoing Path:

WRT Weight

WRT Local Preference

For Incoming Path:

AS Path

Origin Code

MED

IBGP Loop-Avoidance Break

Route-Reflector is used to break IBGP Loop Avoidance mechanism. A router itself is Server while all of
its neighbors are Non-Client by default. Neighbors can be made converted into Clients.

Below are the rules following which the router will share its prefixes with its neighbors:

1. If one neighbor is Non-Client and the other is Client

2. If one neighbor is Client and the other is Non-Client
3. If both neighbors are Client

Below is the rule following which the router will NOT share its prefixes with its neighbors:

4. If both neighbors are Non-Client

When Server shares update message with its client or non-client neighbor, it adds 2 new attributes.

1. Originator ID
This is the router ID of the router that has originally generated the update message.
2. Cluster List
It contains the router ID of the Server Router on which Router-Reflector is running.
Cluster list can contain multiple Server Routers Router IDs.

If a router receives an update message with its own Router ID as originator ID, it will discard that
message. Also, if a router receives an update message with its own Router ID as part of the cluster list, it
will discard that message. This is loopback avoidance mechanism of Route-Reflector.

Confederation

In a big topology, making many route-reflectors is not feasible. Confederation is the solution to this
issue. In confederation, concepts of sub-AS is used. Within a major AS (called confederation AS),
multiple sub-AS are used. Routers with same sub-AS are confed IBGP neighbors while routers with
different sub-AS are confed EBGP neighbors. For confed EBGP neighbors, TTL value is 1 and connected
check is ON. When the routers are confed EBGP neighbors of each other, they will share prefixes with
each other and thus there will be NO need to create Route-Reflectors in this case. Confederation and
Route-Reflectors are mostly used in combination.

Peer Groups

If same commands are to implemented on multiple neighbors one by one, we create a group of those
neighbors instead so that commands do not have to be implemented one by one. A group can be made
of more than one neighbors and then the commands can be implemented on that groups only once.

Aggregation

Manual summarization in BGP is known as Aggregation. When prefixes are summarized OR aggregated,
the individual prefixes will be suppressed and will have a small ‘s’ written in route description.

Suppress-map will suppress certain prefixes while unsuppress map will keep certain prefixes
unsuppressed.

Attribute-map will change certain attribute (e.g. origin code) of the summary address so that its path can
be changed.

Advertise-map will advertise as-path attribute of just one link if summary address has been formed from
individual prefixes coming from two different sources. Both will be formed using route-map.

Atomic-aggregate means that the router hasn’t copied the AS information of individual prefixes in
summary address.

Predefined Communities

It is optional transitive attribute used to filter traffic.

Types:

1. Internet – By default community that allows prefixes to be forwarded to both IBGP & EBGP
neighbors.
2. No-Export – Prefixes set in this community type will not be forwarded to EBGP neighbors.
3. No-Advertise - Prefixes set in this community type will not be forwarded to both IBGP & EBGP
neighbors.
4. Local-AS – This community is used in confederation. Prefixes set in this community will not be
forwarded to Confederation EBGP neighbors.

Neighbor will not follow the community rule unless send-community command is used with the
neighbor.

Own Communities

32-bit decimal number

Used for tagging using which path manipulation and route filtering can be performed

Old Method:
100, 200, 500

New Method

100:10 (100 = AS# & 10 = Tag)

Concept of Public & Private AS:

AS (0-65535)

Public AS (0-64511) – used at service provider end

Private AS (64512-65535) – used at customer end

Private AS can be removed from the prefixes, if customer end using private AS is the originator of that
prefix.

Regular Expressions

Used to match OR used to display filtered BGP prefixes information WRT AS# using the following
expressions:

^ Start of String

$ End of String

[] Range of Character

- Range

() Range Grouping

. Any Single Character

* Zero or More Instance

_ Comma, Any

Combination

^100_ Prefix received from neighbor AS 100 and may include other AS

_8127$ Prefix originating from AS 8127

^100$ Prefix only from neighbor AS 100

_100_ Prefix passing through AS 100

_100_8127$ Prefix originating from 8127 and passing through 100

^$ Only local AS Prefix

.* Any

AS Migration
Customer end AS can be migrated and changed without changing configurations of BGP. In this case,
new AS of the customer end can be hidden by telling the neighbors that their local AS is the same old
one. This configuration will only be done at customer end and not at ISP end.

Condition Route Advertisement

Used to restrict a path for the traffic to flow by imposing a condition that if a certain prefix is being
received from a neighbor, the traffic will flow from that path. Only when the neighborships breaks and
the prefix is not received from the neighbor, then the path will be changed. Exist Map is used. Non-exist
Map is opposite of Exist Map.

Fast Fallover

When the routers are indirectly connected using loopback addresses, the routers will wait for the hold
timer to expire before breaking neighborship because the physical link is active. To immediately break
neighborship and does not wait for the hold timer (180 sec) to end fast fallover is used.

Soft Reconfiguration Inbound

Used to check received prefixes from a specific neighbor. After applying the command, router will start
to maintain another table just for the received prefixes. The prefixes residing in this table will be injected
in the BGP table. Now when clear ip bgp * soft in command is used, the router will not send a route
refresh message to its neighbors and will get the fresh information from the received prefixes table
instead causing the link to not get congested.