

BGP (Border Gateway Protocol)

July 2007


Overview

• BGPv4 is an Exterior Gateway Protocol (EGP) that exchanges routing information between different Autonomous Systems, so it operates mainly at the border of an AS.
• BGP is not designed to choose paths based on bandwidth, delay or other metrics; paths are chosen according to policy attributes.
• An AS is a collection of networks under a single technical administration. An AS is identified by a unique number between 1 and 65535 (the 16-bit range; 4-byte AS numbers were standardized in RFC 4893 in 2007). The range 64512 to 65535 is reserved for private use.
• IGPs work within an AS; BGP works between ASs.


When is BGP not appropriate?
1-Single connection to the Internet or to another AS
2-Lack of memory and processing power to handle full Internet updates
3-Low bandwidth between ASs
4-Limited understanding of route filtering and of the BGP path selection process

When is BGP most appropriate?
1-An AS allows packets to transit through it to reach other ASs (e.g. a Service Provider)
2-An AS has multiple connections to other ASs
3-Routing policy and route selection for traffic entering or leaving the AS must be manipulated

BGP Characteristics
• BGP is a path vector protocol (an advanced distance vector protocol). IGPs announce networks and describe the cost to reach those networks; BGP announces pathways and the networks that are reachable at the end of each pathway. BGP describes a pathway using attributes, which play a role similar to metrics.


BGP Characteristics (continued)
• Reliable updates: BGP runs on top of TCP, port 179.
• The full BGP table is exchanged at start-up; afterwards only incremental, triggered updates are sent, batched by the advertisement interval (30 seconds for eBGP neighbors and 5 seconds for iBGP neighbors by default).
• BGP has no method for dynamic neighbor discovery: all neighbors must be configured manually with the neighbor command, and updates are sent as unicast to those statically configured neighbors.
• Periodic keepalive messages verify TCP connectivity.
• Rich metrics, called path attributes.
• Designed to scale to huge internetworks.
• Supports VLSM and CIDR (classless).
• Loop free: BGP split horizon avoids loops inside an AS and the AS path list avoids loops between ASs.
• Its symbol in the routing table is B. External BGP routes have administrative distance 20; internal BGP routes have administrative distance 200.
• BGP allows administrators to define policies, or rules, for how traffic flows through the Autonomous Systems.

BGP Tables
1-Neighbor table: the list of BGP neighbors ("BGP peers"), configured statically with the neighbor command, and whether each one is reachable.
2-BGP forwarding database (the BGP table): the list of all networks learned from each neighbor. It can contain multiple paths to a destination network, with the attributes of each path. The best path in this table is advertised to neighbors in routing updates.
3-IP routing table: the list of best paths to destination networks.

BGP Messages
1-Open message: used to open a BGP session with a neighbor. It includes the BGP version, the AS number, the hold time and the BGP router ID.
2-Keepalive message: a periodic message sent to keep the TCP session alive (sent every third of the hold time by default).
3-Update message: contains information about destination networks (withdrawn routes and newly reachable prefixes) and the attributes used to reach those networks.
4-Notification message: sent when an error condition is detected, for example a malformed message, an expired hold timer, or a resource problem such as a memory or CPU error; the session is closed after it is sent.
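The message framing above is simple enough to implement and check end to end. The following Python is an added example, not code from the slides: it builds and parses the RFC 4271 header, OPEN, KEEPALIVE and NOTIFICATION messages, rejects the values a compliant speaker must refuse (bad marker, out-of-range length, hold time of 1 or 2 seconds), and derives the negotiated hold and keepalive timers. The peer OPEN at the bottom is constructed here; AS 65001 and router ID 192.168.1.1 are arbitrary sample values.

```python
"""Build, parse and validate BGP-4 messages (RFC 4271 framing).

Added example, not code from the original slides. The peer OPEN at the
bottom is constructed here; AS 65001 and router ID 192.168.1.1 are
arbitrary sample values.
"""
import struct
import ipaddress

MARKER = b"\xff" * 16      # 16 bytes of all ones start every message
HEADER_LEN = 19            # marker + 2-byte length + 1-byte type
MAX_LEN = 4096             # largest message RFC 4271 permits
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
               3: "UPDATE Message Error", 4: "Hold Timer Expired",
               5: "Finite State Machine Error", 6: "Cease"}


class BGPError(ValueError):
    """A validation failure; a real speaker answers with a NOTIFICATION
    carrying the matching error code and then closes the TCP session."""


def parse_header(data: bytes):
    """Return (type name, body) after checking marker, length and type."""
    if len(data) < HEADER_LEN:
        raise BGPError("short header")
    marker, length, mtype = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise BGPError("connection not synchronized (bad marker)")
    if not HEADER_LEN <= length <= MAX_LEN or length > len(data):
        raise BGPError("bad message length %d" % length)
    if mtype not in MSG_TYPES:
        raise BGPError("bad message type %d" % mtype)
    return MSG_TYPES[mtype], data[HEADER_LEN:length]


def parse_open(body: bytes) -> dict:
    """Decode an OPEN body and reject the values RFC 4271 calls invalid."""
    if len(body) < 10:
        raise BGPError("short OPEN")
    version, peer_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
    if version != 4:
        raise BGPError("unsupported version %d" % version)
    if hold_time in (1, 2):              # must be 0 (timers off) or at least 3
        raise BGPError("unacceptable hold time %d" % hold_time)
    if bgp_id == 0:
        raise BGPError("bad BGP identifier")
    opts = body[10:]
    if len(opts) != opt_len:
        raise BGPError("optional parameter length mismatch")
    params = []
    while opts:                          # each parameter is a type/length/value triple
        if len(opts) < 2 or len(opts) < 2 + opts[1]:
            raise BGPError("truncated optional parameter")
        ptype, plen = opts[0], opts[1]
        params.append((ptype, opts[2:2 + plen]))
        opts = opts[2 + plen:]
    return {"version": version, "as": peer_as, "hold_time": hold_time,
            "router_id": str(ipaddress.IPv4Address(bgp_id)), "params": params}


def build_open(my_as: int, hold_time: int, router_id: str, params: bytes = b"") -> bytes:
    body = struct.pack("!BHHIB", 4, my_as, hold_time,
                       int(ipaddress.IPv4Address(router_id)), len(params)) + params
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


def build_keepalive() -> bytes:
    return MARKER + struct.pack("!HB", HEADER_LEN, 4)   # header only, no body


def parse_notification(body: bytes) -> dict:
    if len(body) < 2:
        raise BGPError("short NOTIFICATION")
    return {"error": ERROR_CODES.get(body[0], "unknown"), "subcode": body[1], "data": body[2:]}


def negotiated_timers(local_hold: int, peer_hold: int):
    """The session uses the smaller of the two hold times; keepalives are
    sent every third of it. Zero means neither timer runs."""
    hold = min(local_hold, peer_hold)
    return hold, hold // 3


# Constructed sample: the OPEN a peer in AS 65001 with router ID 192.168.1.1 would send.
PEER_OPEN = build_open(65001, 180, "192.168.1.1")
```

The length check in parse_header is the one that matters most on a router facing untrusted peers: the length field drives every later slice, so it is validated against both the RFC bounds and the bytes actually received before any body is touched.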

BGP Neighbor States
• BGP starts its operation when neighbors are statically defined using the neighbor command.
• Any two routers that have formed a TCP connection to exchange BGP routing information are called peers or neighbors.
• A BGP peer, also known as a BGP neighbor, is the specific term for BGP speakers that have established a neighbor relationship.

External and Internal BGP
• When BGP neighbors belong to different autonomous systems they are called EBGP neighbors.
• IBGP refers to BGP neighbors within the same AS.
• EBGP neighbors, by default, must be directly connected (BGP packets to an eBGP neighbor are sent with TTL 1).
• IBGP neighbors do not have to be directly connected, because they can be reached through an IGP.

Configuring BGP Neighbors
[Figure: A configures B as an iBGP neighbor and C as an eBGP neighbor; B configures A as an iBGP neighbor; C configures A as an eBGP neighbor.]

BGP Start-up Operation
Commands that start the neighbor relationship:
(config)#router bgp <as#>
(config-router)#neighbor <neighbor ip> remote-as <neighbor as#>

States the session passes through after the neighbor command is entered:
Idle state: the router looks in the IP routing table for a route to the neighbor and, if one exists, starts the TCP connection.
Connect state: the TCP connection attempt is in progress; when the three-way handshake completes, an Open message is sent.
Active state: the TCP connection attempt failed and the router is actively retrying it (a session that stays in Active never completed the TCP handshake).
Open sent: the Open message has been sent and the router is waiting for the neighbor's Open.
Open confirm: the neighbor's Open was received and its parameters were accepted; the router is waiting for a Keepalive.
Established state: the peering is formed and routing exchange begins.

BGP Start-up Operation (debug)
RouterA# debug ip bgp events
BGP events debugging is on
BGP: 172.16.1.2 went from Idle to Connect
BGP: 172.16.1.2 passive open
BGP: 172.16.1.2 sending OPEN, version 4
BGP: 172.16.1.2 went from Connect to OpenSent
BGP: 172.16.1.2 OPEN rcvd, version 4
BGP: 172.16.1.2 went from OpenSent to OpenConfirm
BGP: 172.16.1.2 went from OpenConfirm to Established
BGP: scanning routing tables

Why could a router be stuck in the Active state?
• The neighbor is peering with the wrong address
• The neighbor does not have a neighbor statement for this router
• The neighbor does not have a route to the source IP address of the BGP Open packet generated by this router
• Anything else that prevents the TCP connection on port 179, such as an access list or a mismatched MD5 password, leaves the neighbor in Active as well

Understanding BGP Requirements
1-BGP runs on the borders of the AS, but no IGP runs inside it
• B has E in its neighbor table (from the neighbor command), but there is no IGP running in AS 65102, so B cannot find a path to E in its routing table.
• For B to send an update about 11.0.0.0 to E, the update is encapsulated in a packet whose destination IP address is E's; with no route to E, B drops every update destined to E.
• Conclusion: an IGP must run inside the AS so that the BGP neighbors are reachable.

2-BGP runs on the borders and an IGP runs inside the AS
[Figure, steps 1 to 8: update about 11.0.0.0 from A to B; B's routing table gains 11.0.0.0; B's update crosses C and D to E; E's routing table gains 11.0.0.0; E's update reaches F; F's routing table gains 11.0.0.0; data with destination IP 11.0.0.1 returns from F.]
• BGP updates can now pass from A to B to E (C and D simply forward them as IP packets destined to E), and the update goes on from E to F.
• Returning data from F goes to E and from E to C or D, but C and D run no BGP and have no entry for 11.0.0.0 in their routing tables, so packets destined to 11.0.0.0 are dropped: a black hole for data exists in AS 65102.

2-BGP runs on the borders and an IGP runs inside the AS (continued)
• Conclusion: BGP must run on all transit AS routers to avoid black holes, or otherwise redistribution from BGP into the IGP must take place.
• Synchronization rule (to avoid black holes): a router cannot advertise a route learned by iBGP to an eBGP neighbor unless the route also exists in the IP routing table via an IGP (a non-BGP source).
• To avoid synchronization problems (black holes):
1-Redistribute BGP routes into the IGP (a big headache for the IGP, because the BGP table is very large and IGPs are not designed for that scale), or
2-Run BGP on all transit AS routers and disable synchronization:
(config-router)#no synchronization

BGP Synchronization
• Synchronization rule: do not use or advertise to an external neighbor a route learned by IBGP until a matching route has been learned from an IGP.
• Ensures consistency of information throughout the AS.
• Avoids black holes within the AS.
• Safe to turn off if all routers in the AS are running full-mesh IBGP, but make sure that the restrictions needed to avoid black holes are in place.
Router(config-router)# no synchronization
• Disables BGP synchronization so a router can advertise routes in BGP without learning them in an IGP. Synchronization is on by default in the IOS releases this deck describes; from IOS 12.2(8)T onward it is off by default.

Example: BGP Synchronization
• If synchronization is on (the default), then:
- Routers A, C and D would not use or advertise the route to 172.16.0.0 until they receive the matching route via an IGP.
- Router E would not hear about 172.16.0.0.
• If synchronization is off, then:
- Routers A, C and D would use and advertise the route they receive via IBGP.
- Router E would hear about 172.16.0.0.
- If router E sends traffic for 172.16.0.0, routers A, C and D would route the packets correctly to router B.

3-BGP and IGP run on all routers of the transit AS
• BGP split horizon rule ("avoid routing loops inside the AS"): a route learned from an iBGP neighbor can never be advertised to another iBGP neighbor.
• If router A advertises a route to its eBGP neighbor B, B must advertise that route to all its other neighbors, so B advertises it to C and D. Because of the split horizon rule, C and D can never advertise that route to their iBGP neighbor E, so E never learns the route.
• Conclusion: iBGP must run in full-mesh fashion (sessions between all BGP routers in the AS) to work around the split horizon rule. Route reflectors and confederations are the scalable alternatives to a full mesh.
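The three rules from the last few slides (the synchronization rule, iBGP split horizon and AS-path loop rejection) interact, and the interaction is easier to see in code than in prose. The following Python is an added example, not code from the slides: it floods the 11.0.0.0 prefix that A sends to B through the transit AS of the figure, once with the partial-mesh topology and once with a full iBGP mesh, and reports what each router holds and what E would pass on to F. Routers B, C, D and E sit in the slide's AS 65102; A's AS (65101) and F's AS (65103) are assumed because the slides do not give them.

```python
"""Simulate the propagation rules from the transit-AS scenario above:
AS_PATH loop prevention, iBGP split horizon and the synchronization check.

Added example, not code from the slides. Routers B, C, D and E sit in the
slide's AS 65102; A's AS (65101) and F's AS (65103) are assumed because the
slides do not give them.
"""
from dataclasses import dataclass, field


@dataclass
class Route:
    prefix: str
    as_path: tuple
    learned_from: str        # "ebgp" or "ibgp"


@dataclass
class Router:
    name: str
    asn: int
    synchronization: bool = True
    igp_routes: set = field(default_factory=set)    # prefixes known via the IGP
    bgp_table: dict = field(default_factory=dict)   # prefix -> Route


def receive(router: Router, route: Route, from_asn: int) -> bool:
    """Install a route learned from a peer in from_asn; reject AS_PATH loops."""
    if router.asn in route.as_path:
        return False                                 # our own AS is already in the path
    kind = "ibgp" if from_asn == router.asn else "ebgp"
    router.bgp_table[route.prefix] = Route(route.prefix, route.as_path, kind)
    return True


def advertisable(router: Router, route: Route, to_asn: int):
    """Return the route as it would be sent to a peer in to_asn, or None."""
    to_ibgp = to_asn == router.asn
    if to_ibgp and route.learned_from == "ibgp":
        return None                                  # iBGP split horizon
    if (not to_ibgp and route.learned_from == "ibgp" and router.synchronization
            and route.prefix not in router.igp_routes):
        return None                                  # synchronization rule
    if to_ibgp:
        return route                                 # AS_PATH unchanged inside the AS
    return Route(route.prefix, (router.asn,) + route.as_path, route.learned_from)


def simulate(full_mesh: bool, synchronization: bool, prefix: str = "11.0.0.0/8"):
    """Flood the prefix A sends to B through AS 65102 and report what each
    router holds and what E would pass on to F."""
    routers = {n: Router(n, 65102, synchronization) for n in "BCDE"}
    sessions = [("B", "C"), ("B", "D"), ("C", "E"), ("D", "E")]   # the slide topology
    if full_mesh:
        sessions += [("B", "E"), ("C", "D")]
    receive(routers["B"], Route(prefix, (65101,), "ebgp"), 65101)  # A -> B over eBGP
    changed = True
    while changed:                                   # iterate until nothing new is learned
        changed = False
        for x, y in sessions:
            for src, dst in ((x, y), (y, x)):
                have = routers[src].bgp_table.get(prefix)
                if have is None or prefix in routers[dst].bgp_table:
                    continue
                out = advertisable(routers[src], have, 65102)
                if out is not None and receive(routers[dst], out, 65102):
                    changed = True
    e_route = routers["E"].bgp_table.get(prefix)
    to_f = advertisable(routers["E"], e_route, 65103) if e_route else None
    tables = {n: (r.bgp_table[prefix].as_path if prefix in r.bgp_table else None)
              for n, r in routers.items()}
    return tables, (to_f.as_path if to_f else None)
```

With the partial mesh, C and D learn the route from B but E never does; with a full mesh E learns it, yet still refuses to advertise it to F while synchronization is on and nothing put 11.0.0.0 into its IGP table. Turning synchronization off (or adding the prefix to igp_routes) is what finally lets E send the route on with 65102 prepended.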

4-BGP must run in full-mesh fashion
• Full-mesh BGP problem: n routers need n(n-1)/2 iBGP sessions, so many TCP sessions and a lot of CPU, memory and bandwidth overhead in the network.

BGP Considerations
1-Advertise routes in BGP updates (populate the BGP table)
1.1-Redistribute IGP routes into BGP
1.2-Use the network command (recommended)
(config)#router bgp <as#>
(config-router)#network <network address> [mask <subnet mask>]
Note: if no mask is specified, the classful default mask is assumed.
Note: the network command only places a prefix in the BGP table, and thus advertises it to eBGP neighbors, when an exactly matching route (same prefix and mask) exists in the IP routing table, learned from an IGP, a static route or a connected interface.

BGP Considerations (continued)
1-Advertise routes in BGP updates (populate the BGP table)
1. RouterB(config)# router bgp 65000
2. RouterB(config-router)# neighbor 10.10.1.2 remote-as 64520
3. RouterB(config-router)# neighbor 192.168.1.2 remote-as 65000
4. RouterB(config-router)# network 192.168.1.0
5. RouterB(config-router)# network 192.168.2.0
6. RouterB(config-router)# network 172.16.1.0 mask 255.255.255.0
7. RouterB(config-router)# no synchronization

2-Advertise summarized routes (CIDR and aggregate address)
• With BGP4, routes can be aggregated by any AS on any BGP router.
• BGP4 is classless, supports VLSM and longest-match routing, and carries a network mask for each network in the update.
• Auto summary, when enabled, summarizes at classful network boundaries (it is disabled by default in current IOS releases). To disable it: (config-router)#no auto-summary
• Manual summarization, method 1 (the recommended method for BGP):
(config)#router bgp <as#>
(config-router)#aggregate-address <summary address> <mask> [summary-only] [as-set]
- Creates an aggregate (summary) entry in the BGP table and installs a route to Null0 for it automatically, so no static null route is needed.
- Does not need an exact match in the routing table, but at least one of the more specific routes must exist in the BGP table.
- The summary-only option advertises only the summary and suppresses the specific routes.
- The as-set option includes a list of all the autonomous system numbers that the more specific routes have passed through, so AS-path loop detection keeps working for the aggregate.
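What aggregate-address actually produces, and why the network command cannot replace it, is easiest to see by building the aggregate by hand. The following Python is an added example, not code from the slides: it finds the smallest prefix covering a set of specifics, builds the aggregate with and without summary-only and as-set, reports the Null0 route the router installs, and shows that an exact-match check (the network command's rule) fails for a summary that is not already in the routing table. The component prefixes and AS paths are constructed sample data.

```python
"""Build a BGP aggregate the way aggregate-address does, and show why the
network command cannot do it by itself.

Added example, not code from the slides. The component prefixes and AS
paths used in the tests are constructed sample data.
"""
import ipaddress


def covering_summary(prefixes):
    """Smallest single prefix that contains every given prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    plen = min(n.prefixlen for n in nets)
    while plen > 0:
        cand = ipaddress.ip_network("%s/%d" % (lo, plen), strict=False)
        if hi in cand:
            return str(cand)
        plen -= 1
    return "0.0.0.0/0"


def aggregate(bgp_table, summary, summary_only=False, as_set=False):
    """bgp_table: {prefix: AS path tuple}. Returns what the router advertises,
    which specifics it suppresses, and the Null0 route it installs."""
    summary_net = ipaddress.ip_network(summary)
    components = {p: path for p, path in bgp_table.items()
                  if ipaddress.ip_network(p).subnet_of(summary_net)}
    if not components:
        # IOS only creates the aggregate when at least one specific exists
        raise ValueError("no component route in the BGP table; aggregate not created")
    if as_set:
        # AS_SET: every AS any component passed through, order not preserved,
        # so loop detection keeps working and ATOMIC_AGGREGATE is not needed
        path = tuple(sorted({asn for p in components.values() for asn in p}))
        attrs = {"as_path": path, "atomic_aggregate": False}
    else:
        attrs = {"as_path": (), "atomic_aggregate": True}   # path detail lost
    advertised = {summary: attrs}
    suppressed = []
    for p, path in bgp_table.items():
        if summary_only and p in components:
            suppressed.append(p)          # only the summary leaves the router
        else:
            advertised[p] = {"as_path": path, "atomic_aggregate": False}
    # The discard route that keeps packets for unused parts of the summary
    # from looping back toward a default route.
    null0 = (str(summary_net.network_address), str(summary_net.netmask), "Null0")
    return advertised, sorted(suppressed), null0


def network_command_injects(prefix, routing_table):
    """The network command only works when the exact prefix and mask are in
    the IP routing table, which is why a manual Null0 route is needed there."""
    return prefix in routing_table
```

Without as-set the aggregate carries an empty AS path plus ATOMIC_AGGREGATE, which is exactly the case where a downstream AS can no longer detect that its own number was inside one of the components; the as-set form trades a longer, unordered path for that safety.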


Method 2:
(config)#router bgp <as#>
(config-router)#network <address> [mask <mask>]
• The network command was not designed to perform summarization by itself; the aggregate-address command was designed for that.
• To use the network statement for summarization, the network number and mask must already exist exactly in the routing table.
• If the route was already summarized by EIGRP or OSPF, that summary can be announced into BGP with the network and mask commands.
• If the route was not already summarized, a static route to Null0 must be created for BGP to announce the summary:
(config)#ip route <address> <mask> null0

3-Source of updates behaviour
• A router will never accept a BGP session from a source unless that source address is identified in one of its neighbor statements (its neighbor list).
• When a BGP packet is received for a new BGP session, the source address of the packet is compared to the list of neighbor statements:
- If a match is found, a relationship is established.
- If no match is found, the packet is ignored.
• Make sure the source IP address matches the address that the other router has in its neighbor statement.
• To set the source of updates for a certain neighbor (typically a loopback interface, so the session survives the failure of any single link):
(config)#router bgp <as#>
(config-router)#neighbor <neighbor ip> update-source <interface name>


4-eBGP multihop
• eBGP neighbors must be directly connected by default (BGP packets to an eBGP neighbor are sent with TTL 1). Peering between loopback addresses over multiple parallel links, or through an intermediate router, therefore fails unless the TTL is raised:
(config-router)#neighbor <neighbor ip> ebgp-multihop [no. of hops]
• Caveat: ebgp-multihop makes the session reachable from farther away. Where the peer really is adjacent, neighbor <ip> ttl-security hops <n> (GTSM, RFC 5082) is the safer choice: it rejects packets whose TTL shows they came from more than n hops away.

5-Next hop behavior
• BGP is an AS-by-AS routing protocol, not a router-by-router routing protocol, so in BGP the next hop does not mean the next-hop router; it means the IP address used to reach the next AS.
- Router A advertises network 172.16.0.0 to router B in EBGP with a next hop of 10.10.10.3 (A's address on the A-B link).
- Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address.
- So C sees the next hop to reach 172.16.0.0 as 10.10.10.3 (the entry point of the next AS). C must have a route to 10.10.10.3, or the path is invalid and never installed.
To override that behaviour:
(config-router)#neighbor <neighbor ip> next-hop-self
Forces all updates to this neighbor to be advertised with this router as the next hop. The IP address used for next-hop-self is the source IP address of the BGP packets (the update-source address). So if B is configured with
(config-router)# neighbor 172.20.10.2 next-hop-self
C will see 172.16.0.0 with next hop 172.20.10.1, not 10.10.10.3.
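The next-hop behaviour above is the most common reason a route shows in the BGP table but never reaches the routing table, so it is worth modelling. The following Python is an added example, not code from the slides: it applies the NEXT_HOP rules (eBGP rewrites the next hop to the advertising router's address except on a shared segment, iBGP passes it on unchanged unless next-hop-self is set) and then checks whether the resulting next hop is covered by C's routing table. Addresses follow the slide scenario; the 172.20.10.0/24 link subnet and C's IGP routes are assumed.

```python
"""Model the NEXT_HOP rules described above: eBGP rewrites the next hop to
the advertising router's peering address (except on a shared segment), iBGP
passes it on unchanged unless next-hop-self is set, and a path whose next hop
is absent from the IP routing table is unusable.

Added example, not code from the slides. Addresses follow the slide scenario;
the 172.20.10.0/24 link subnet and C's routing table are assumed.
"""
import ipaddress


def next_hop_to_send(current_next_hop, my_addr, link_subnet, peer_addr,
                     to_ibgp, next_hop_self=False):
    """Return the NEXT_HOP attribute carried in the update to this peer."""
    if to_ibgp:
        return my_addr if next_hop_self else current_next_hop
    link = ipaddress.ip_network(link_subnet, strict=False)
    # Multiaccess exception: if the next hop already sits on the segment we
    # share with the peer, keep it so traffic avoids an extra hop through us.
    if (current_next_hop != "0.0.0.0"
            and ipaddress.ip_address(current_next_hop) in link
            and ipaddress.ip_address(peer_addr) in link):
        return current_next_hop
    return my_addr                                   # normal eBGP rewrite


def next_hop_usable(next_hop, routing_table):
    """A BGP path is valid only if the next hop is covered by some route."""
    nh = ipaddress.ip_address(next_hop)
    return any(nh in ipaddress.ip_network(p) for p in routing_table)


def slide_scenario(next_hop_self: bool):
    """A (10.10.10.3) -> B (10.10.10.1 / 172.20.10.1) -> C (172.20.10.2).
    Returns the next hop C sees for 172.16.0.0/16 and whether C can use it."""
    # A originates the route; eBGP to B rewrites 0.0.0.0 to A's address
    nh_at_b = next_hop_to_send("0.0.0.0", "10.10.10.3", "10.10.10.0/24",
                               "10.10.10.1", to_ibgp=False)
    # B passes it to C over iBGP
    nh_at_c = next_hop_to_send(nh_at_b, "172.20.10.1", "172.20.10.0/24",
                               "172.20.10.2", to_ibgp=True,
                               next_hop_self=next_hop_self)
    c_routing_table = {"172.20.10.0/24", "172.20.0.0/16"}   # IGP routes only (assumed)
    return nh_at_c, next_hop_usable(nh_at_c, c_routing_table)
```

The alternative to next-hop-self is to carry the external link subnet (10.10.10.0/24 here) in the IGP; both make the same check succeed, but next-hop-self keeps external addressing out of the IGP.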

Next Hop on a Multiaccess Network
The following takes place on a multiaccess network:
• Router B advertises network 172.30.0.0 to router A in EBGP with a next hop of 10.10.10.2, not 10.10.10.1. This avoids an unnecessary hop.
• BGP is being efficient by informing AS 64520 of the best entry point into AS 65000 for network 172.30.0.0.
• Router B in AS 65000 also advertises to AS 64520 that the best entry point for each network in AS 64600 is the next hop of router C, because that is the best pathway to transit AS 65000 to AS 64600 from AS 64520.


6-BGP peer groups
• With many neighbors, the configuration is a big overhead and configuration mistakes are likely.
• A peer group is a template of configuration parameters that is assigned to a group of neighbors.
• Useful when many neighbors share the same outbound policies (members of a peer group receive identical updates, so they must share outbound policy).
• Members can have different inbound policies.
• The goal is to simplify the configuration.

Configuration without peer groups for 15 neighbors
(config)#router bgp <as#>
(config-router)#neighbor <ip> remote-as <as>                   *15 times
(config-router)#neighbor <ip> route-reflector-client            *15 times
(config-router)#neighbor <ip> update-source loopback0           *15 times
(config-router)#neighbor <ip> next-hop-self                     *15 times
(config-router)#neighbor <ip> route-map <name> <in/out>         *15 times
(config-router)#neighbor <ip> prefix-list <name> <in/out>       *15 times
(config-router)#neighbor <ip> distribute-list <name> <in/out>   *15 times
• About 105 commands on a single router.

Configuration with peer groups for 15 neighbors
(config)#router bgp <as>
(config-router)#neighbor <peer group name> peer-group
(config-router)#neighbor <peer group name> remote-as <as>
(config-router)#neighbor <peer group name> route-reflector-client
(config-router)#neighbor <peer group name> update-source loopback0
(config-router)#neighbor <peer group name> next-hop-self
(config-router)#neighbor <peer group name> route-map <name> <in/out>
(config-router)#neighbor <peer group name> prefix-list <name> <in/out>
(config-router)#neighbor <peer group name> distribute-list <name> <in/out>
(config-router)#neighbor <ip> peer-group <peer group name>      *15 times
• About 23 commands on a single router (one line per shared parameter plus one membership line per neighbor) instead of about 105.

7-Authentication in BGP
• BGP authentication uses MD5 (the TCP MD5 signature option, RFC 2385).
• Configure a key (password) on both routers; the key itself is never sent.
• The router generates a message digest, or hash, of the key and the message, and sends the digest in a TCP option with every segment.
• The router generates and checks the MD5 digest of every segment sent and received on the TCP connection, so it authenticates the source of each routing update packet it receives. Segments with a missing or wrong digest are dropped, and a mismatched password therefore shows up as a neighbor that never leaves Active.
Router(config-router)# neighbor {ip-address | peer-group-name} password string
• Caveats: the password is a shared secret and must be stored and distributed with care; the option authenticates the TCP segments but does not encrypt them; and MD5 is no longer considered strong, so newer implementations offer the TCP Authentication Option (TCP-AO, RFC 5925) as its replacement.
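The digest the neighbor password produces is fully specified, so it can be reproduced outside a router, which is useful when checking a capture or implementing a BGP speaker. The following Python is an added example, not code from the slides: it computes the RFC 2385 signature over the pseudo-header, the fixed TCP header with a zero checksum, the payload and the key, wraps it in the 18-byte TCP option, and verifies it the way a receiver would. Addresses, ports, sequence numbers, the KEEPALIVE payload and the key are constructed sample values.

```python
"""Compute and verify the TCP MD5 signature option (RFC 2385) that
`neighbor ... password` turns on for the BGP session.

Added example, not code from the slides. Addresses, ports, sequence numbers,
the payload and the key are constructed sample values.
"""
import hashlib
import hmac
import struct
import ipaddress

TCP_MD5_OPTION_LEN = 18      # kind 19, length 18, 16-byte digest
OPTIONS_LEN = 20             # the option plus two NOP bytes of padding


def tcp_md5_digest(src_ip, dst_ip, src_port, dst_port, seq, ack, flags,
                   window, payload: bytes, key: bytes) -> bytes:
    """RFC 2385 section 2: MD5 over the pseudo-header, the fixed TCP header
    with checksum zero and options excluded, the segment data, and the key."""
    total_len = 20 + OPTIONS_LEN + len(payload)          # whole TCP segment
    pseudo = (ipaddress.IPv4Address(src_ip).packed
              + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, 6, total_len))    # zero, protocol TCP, length
    data_offset = (20 + OPTIONS_LEN) // 4                 # header words incl. options
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         data_offset << 4, flags, window, 0, 0)  # checksum 0, urgent 0
    return hashlib.md5(pseudo + header + payload + key).digest()


def sign(*args) -> bytes:
    """Return the option bytes a sender appends to the segment."""
    return struct.pack("!BB", 19, TCP_MD5_OPTION_LEN) + tcp_md5_digest(*args)


def verify(option: bytes, *args) -> bool:
    """A receiver recomputes the digest; a missing or wrong one means the
    segment is dropped silently, which is why a bad password leaves the
    neighbor stuck in Active."""
    if len(option) != TCP_MD5_OPTION_LEN or option[0] != 19:
        return False
    return hmac.compare_digest(option[2:], tcp_md5_digest(*args))


# Constructed sample: a BGP KEEPALIVE from 10.1.1.1 to 10.1.1.2 on port 179.
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"
SEGMENT = ("10.1.1.1", "10.1.1.2", 41234, 179, 0x1234abcd, 0x9abc1234,
           0x18, 16384, KEEPALIVE)
KEY = b"s3cr3t"
```

Because the sequence and acknowledgement numbers are inside the hashed region, a captured option cannot be replayed against a later segment; because the key is appended rather than keyed through HMAC, the construction inherits MD5's weaknesses, which is the reason TCP-AO replaced it.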

8-Multihoming
• Multiple connections to ISPs are used to increase reliability (redundancy) and performance (load sharing):
- Reliability: if one ISP or connection fails, there is still Internet access
- Performance: better path selection to common Internet destinations
• Types of connectivity:
1-Default routes from all providers: pass a default route to the internal routers
2-ISPs pass default routes plus selected specific routes they own: redistribute into the Interior Gateway Protocol (IGP) for the internal routers, or run BGP on all routers in the AS
3-ISPs pass all routes in their routing tables to the customer AS: run BGP on all internal routers and turn off BGP synchronization

Default Routes from All Providers
- Low memory and CPU usage
- ISPs send a BGP default route
• The default route is passed into the IGP
• When multiple default routes exist, the exit point chosen is the one with the lowest IGP metric
- The customer AS sends all of its routes to the providers (ISPs)
- The inbound path to the customer AS is decided by the ISPs

Provider-Owned Routes and the Default Route from Each Provider
- Medium memory and CPU usage
- The best path to ISP-owned networks and to customer-specific networks is usually the shortest AS path
- Ability to override the path choice for some networks
- The IGP metric to the default route is used for all other destinations

Full Routes from All Providers
- Higher memory and CPU usage
- All destinations are reached by the best path, usually the shortest AS path
- All pathways can be tuned manually

BGP Attributes
• BGP is not designed to choose paths based on bandwidth, delay or other metrics; paths are chosen based on policy attributes.
• Attributes are classified as follows:
Well-known attributes: must be recognized by all compliant BGP implementations and are propagated to other neighbors.
- Well-known mandatory: must be present in every update message (e.g. AS_PATH, NEXT_HOP, ORIGIN)
- Well-known discretionary: may be present in update messages (e.g. LOCAL_PREF, ATOMIC_AGGREGATE)

BGP Attributes (continued)
Optional attributes: recognized by some implementations; not every router is expected to recognize them (it depends on the router's position in the AS). Recognized optional attributes are propagated to other neighbors according to their meaning.
- Optional transitive: if not recognized, the attribute is marked as partial and propagated to other neighbors (e.g. AGGREGATOR, COMMUNITY)
- Optional non-transitive: discarded if not recognized (e.g. MED, the Multi Exit Discriminator)
- Cisco attribute: a local attribute on Cisco routers that is never advertised in any update (e.g. WEIGHT)

1-AS path attribute
• The AS path attribute is well-known mandatory and transitive.
• It is the list of AS numbers a route has traversed to reach the router; each AS prepends its own number when it advertises the route to an eBGP neighbor.
• The shortest AS path is preferred.
• The AS path list is used to avoid loops between ASs: a router discards any route whose AS path already contains its own AS number.
• For example, on router B the path to 192.168.1.0 is the AS sequence (65500, 64520).

2-Next hop attribute
• The next-hop attribute is well-known mandatory and transitive.
• It is the IP address of the next AS used to reach a given network.
• The next hop must be reachable (present in the IP routing table) for the route to be valid for use.
• For a self-originated route the next hop is 0.0.0.0.
• Router A advertises network 172.16.0.0 to router B in EBGP with a next hop of 10.10.10.3.
• Router B advertises 172.16.0.0 in IBGP to router C, keeping 10.10.10.3 as the next-hop address.

3-Origin attribute
• Well-known mandatory and transitive.
• The origin attribute informs all Autonomous Systems in the internetwork how the prefix was introduced into BGP. The origin can be:
- IGP (i): the route is interior to the originating AS; this is normally the case when the network command is used to advertise the route.
- EGP (e): the route was learned via EGP (the old protocol); this happens when a route was redistributed from EGP.
- Incomplete (?): the origin is unknown; this happens when the route is redistributed from an IGP or a static route into BGP.
• The lowest origin code is preferred (i < e < ?).

4-Local preference attribute
• Well-known discretionary, and passed only within the AS.
• Local preference is advertised between iBGP neighbors.
• It indicates to the routers inside the AS which path is preferred to exit the AS (the best way to leave the AS; it influences outbound traffic from the AS).
• A higher local preference is preferred.
• Default local preference is 100.
• Example: any router inside AS 64520 will prefer to exit that AS using the path through A.

5-Multi Exit Discriminator (MED) attribute
• MED is optional non-transitive; it is also called the metric.
• Advertised between eBGP neighbors.
• MED indicates to eBGP neighbors the preferred path to enter an AS (it affects how others enter your AS; it influences inbound traffic to the AS). MED is used to tell EBGP neighbors how to exit their AS to reach networks owned by this AS.
• The lowest MED is preferred.
• Default MED is 0.
• MED is not compared between paths received from different ASs unless (config-router)#bgp always-compare-med is configured.
• Example: A will choose to exit AS 65000 through B to reach 172.20.0.0.

6-Weight attribute
• A Cisco attribute, configured locally on the router and not propagated to any BGP neighbor.
• It assigns a weight to the routes received from each neighbor.
• The highest weight is preferred.
• Default weight is 32768 for self-originated routes and 0 for all other routes (range 0 to 65535).
• Example: A will choose the path through B to reach network 172.20.0.0.

7-Atomic aggregate attribute
• Well-known discretionary.
• It informs routers that the originating router performed aggregation (summarization) of routes, so some path information may have been lost. Instead, the list of ASs contained in the aggregate can be advertised (aggregate-address ... as-set).
8-Aggregator attribute
• Optional transitive.
• It specifies the BGP router ID and the AS number of the router that performed the route aggregation.
9-Community attribute
• Optional transitive.
• It groups routes and tags them so that filtering actions can be applied to the whole group.
• All routes are by default members of a community called the Internet.

BGP Route Selection Process
• The BGP forwarding table usually has multiple pathways from which to choose for each network.
• BGP is not designed to perform load balancing: paths are chosen because of policy, not based on bandwidth.
• The BGP selection process eliminates the multiple pathways by attrition until a single best pathway is left.
• That best pathway is submitted to the routing table manager process and evaluated against the routes of other routing protocols for reaching that network (administrative distance). The routing protocol with the lowest administrative distance is installed in the routing table.

BGP Route Selection Process (continued)
• Consider only synchronized routes (when synchronization is on), routes with no AS loops and routes with a valid (reachable) next hop. Then:
1-Prefer the highest weight (local to the router)
2-Prefer the highest local preference (global within the AS)
3-Prefer the route originated by the local router (next hop 0.0.0.0)
4-Prefer the shortest AS path
5-Prefer the lowest origin code (i (IGP) < e (EGP) < ? (incomplete))
6-Prefer the lowest MED (compared only between paths from the same neighboring AS, unless bgp always-compare-med is configured)
7-Prefer an eBGP path over an iBGP path
8-Prefer the path through the closest IGP neighbor (lowest IGP metric to the next hop)
9-Prefer the oldest eBGP path (more stable)
10-Prefer the path from the neighbor with the lowest BGP router ID
11-Prefer the path from the neighbor with the lowest IP address
• Finally only a single path is selected, and no load sharing takes place unless maximum-paths is configured.
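The selection order above is deterministic, which makes it a good candidate for a small implementation that also reports which step decided. The following Python is an added example, not code from the slides: it pre-filters unusable paths (unsynchronized, AS loop, unreachable next hop), then walks the steps in the listed order, handling MED's same-neighboring-AS rule and the always-compare-med override. The candidate paths are constructed; the local AS is taken to be 65101.

```python
"""Apply the best-path selection order listed above to a set of candidate
paths and report which step decided.

Added example, not code from the slides. The candidate paths are constructed;
the local AS is taken to be 65101.
"""
from dataclasses import dataclass
import ipaddress


@dataclass
class Path:
    neighbor: str              # peer address the path came from
    router_id: str             # that peer's BGP router ID
    as_path: tuple
    next_hop: str
    origin: str = "i"          # "i", "e" or "?"
    weight: int = 0
    local_pref: int = 100
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0        # IGP cost to reach next_hop
    age: int = 0               # seconds the path has been known
    next_hop_reachable: bool = True
    synchronized: bool = True


ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


def usable(p: Path, local_asn: int) -> bool:
    """Pre-filter: synchronized, no AS loop, valid next hop."""
    return p.synchronized and p.next_hop_reachable and local_asn not in p.as_path


def lowest_med(cands, always_compare_med):
    """MED is compared only among paths from the same neighboring AS
    unless bgp always-compare-med is configured."""
    groups = {}
    for p in cands:
        key = None if always_compare_med else (p.as_path[0] if p.as_path else None)
        groups.setdefault(key, []).append(p)
    keep = []
    for group in groups.values():
        best = min(p.med for p in group)
        keep += [p for p in group if p.med == best]
    return keep


def best_path(paths, local_asn, always_compare_med=False):
    """Return (winning path, name of the deciding step)."""
    cands = [p for p in paths if usable(p, local_asn)]
    if not cands:
        return None, "no usable path"
    steps = [
        ("highest weight", lambda p: -p.weight),
        ("highest local preference", lambda p: -p.local_pref),
        ("locally originated", lambda p: 0 if p.next_hop == "0.0.0.0" else 1),
        ("shortest AS path", lambda p: len(p.as_path)),
        ("lowest origin", lambda p: ORIGIN_RANK[p.origin]),
        ("lowest MED", None),
        ("eBGP over iBGP", lambda p: 0 if p.ebgp else 1),
        ("lowest IGP metric to next hop", lambda p: p.igp_metric),
        ("oldest eBGP path", lambda p: -p.age),
        ("lowest router ID", lambda p: int(ipaddress.IPv4Address(p.router_id))),
        ("lowest neighbor address", lambda p: int(ipaddress.IPv4Address(p.neighbor))),
    ]
    for name, key in steps:
        if key is None:
            cands = lowest_med(cands, always_compare_med)
        else:
            best = min(key(p) for p in cands)
            cands = [p for p in cands if key(p) == best]
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "identical paths"


# Constructed candidates for one prefix as seen by a router in AS 65101.
CANDIDATES = [
    Path("10.1.1.2", "10.1.1.2", (65200,), "10.1.1.2", age=300),
    Path("192.168.1.50", "192.168.1.50", (65200, 65102), "192.168.1.50",
         ebgp=False, igp_metric=20),
    Path("192.168.1.34", "192.168.1.34", (65300, 65101), "192.168.1.34",
         ebgp=False),   # contains the local AS: rejected as a loop
]
```

Reporting the deciding step is what makes this useful in practice: when a peer's route is not chosen, the answer to "why" is usually a weight or local preference set by a route map several steps before AS-path length is ever consulted.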

Route Maps for BGP Policy Implementation
1-Create the route map:
(config)#route-map <name> <permit/deny> [seq. no.]
(config-route-map)#match <conditions>
(config-route-map)#set <actions>
2-Activate the route map for a neighbor or peer group:
(config-router)#neighbor <ip/peer group> route-map <name> <in/out>
- Match conditions: match ip address <acl#>, match ip address prefix-list <name>, match as-path <acl#>, match community <community list>
- Set actions: set local-preference <no.>, set weight <no.>, set metric <no.>, set as-path prepend <as> [<as> ...]

Verification and Troubleshooting
#show ip bgp
#show ip bgp summary
#show ip bgp neighbors
#show ip route
#debug ip bgp [events | updates | keepalives]
#clear ip bgp {* | address} [soft [in | out]]
(config-router)#[no] neighbor <ip/peer group> shutdown

Verification and Troubleshooting (continued)

RouterA# show ip bgp summary
BGP table version is 23, main routing table version 23
10 network entries and 11 paths using 1242 bytes of memory
4 BGP path attribute entries using 380 bytes of memory
BGP activity 23/13 prefixes, 38/27 paths, 0 prefixes revised.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4 65200     211     211       13    0    0 00:01:53        5
192.168.1.18    4 65101     214     226       23    0    0 00:00:13        1
192.168.1.34    4 65101     214     226       23    0    0 00:00:09        1
192.168.1.50    4 65101     214     225       23    0    0 00:00:06        3

If the State/PfxRcd column shows a number rather than a state name, the session is Established and the number is the count of prefixes received from that neighbor.

RouterA# show ip bgp
BGP table version is 23, local router ID is 192.168.1.49
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

The table lists networks from lowest to highest: 10 network entries but 11 paths, because one 172.16.1.x/28 prefix appears twice, once as *> (the valid, best path) and once as * i (a valid but non-best path learned over iBGP). The Path column tells where each entry came from: "0 65200 i" is a route learned from the eBGP neighbor 10.1.1.2 with weight 0 and origin IGP; "100 0 i" is a route learned over iBGP with the default local preference 100; "32768 i" with next hop 0.0.0.0 is a route this router originated itself; and "65200 65102 i" is a route that crossed AS 65200 and AS 65102.

Clearing the BGP Session
• When policies such as access lists, timers or attributes are changed, the change takes effect immediately, but it is applied to a prefix or pathway only the next time that prefix or pathway is advertised or received. It can therefore take a long time for the policy to be applied to all networks.
• The session should be reset to ensure the policy is immediately applied to all affected prefixes and pathways.
• Ways to trigger an update:
- Hard reset (clear ip bgp *): tears down the TCP session and withdraws all routes learned from the neighbor; disruptive
- Soft reset (clear ip bgp * soft in | out): re-applies policy to stored or resent updates without dropping the session
- Route refresh: asks the neighbor to resend its routes, used by a soft inbound reset when both sides support the route-refresh capability